
Re: SECURITY PROBLEM: autofs [all versions]



Adam Heath wrote:
> 
> On Wed, 5 Jul 2000, Christopher W. Curtis wrote:
> 
> > Joey Hess wrote:
> > >
> > > Christopher W. Curtis wrote:
> > > > However:
> > > >
> > > > int main()
> > > > {     FILE *foo = popen( "non-executable.file", "r+ );
> > > >       fprintf( foo, "hmm" );
> > > > }
> > > Hint: '"r+' is not valid C
> >
> > Clue: 'is not valid C' isn't even wrong.  It's an unterminated string
> > constant, plain and simple.
> 
> Typos can be overlooked.  That isn't the point.
> 
> >
> > > Hint: popen returns NULL if it fails.
> >
> > Clue: popen failed because the program couldn't be executed.
> 
> Fact: popen can't fail if it wasn't called.


Explain to us all how popen is not called.

Here is the source:
-----------------------------
#include <stdio.h>

int main()
{       FILE *f = popen( "ksdjfsdf", "r+" );
        fprintf( f, "foo" );
        return 0;
}
-----------------------------

~$ make f
cc     f.c   -o f
~$ ltrace ./f
__libc_start_main(0x08048430, 1, 0xbffffc34, 0x080482d8, 0x0804849c <unfinished ...>
__register_frame_info(0x080494dc, 0x080495b4, 0xbffffbd8, 0x4003de68, 0x400f5078) = 0x400f5c20
popen("ksdjfsdf", "r+")                           = NULL
fprintf(0, "foo" <unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++


> 
> > [and the pissing contest ensues...]
> 
> Declaration of Facts keeps going
> 
> ----BEGIN PGP INFO----
> Adam Heath <doogie@debian.org>        Finger Print | KeyID
> 67 01 42 93 CA 37 FB 1E    63 C9 80 1D 08 CF 84 0A | DE656B05 PGP
> AD46 C888 F587 F8A3 A6DA  3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG
> -----END PGP INFO-----
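
An added example, not part of the thread or of autofs: a checked version of the popen() call shown above. It tests the returned pointer before any write and then inspects the pclose() status, because a shell that cannot run the command reports that through exit status 126 or 127. The name `run_and_feed` and the `RUN_*` codes are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Result codes (names are this example's own, not from the thread). */
enum { RUN_OK = 0, RUN_PIPE_ERROR = -1, RUN_NOT_EXECUTED = -2, RUN_FAILED = -3 };

/* Start cmd via popen(), optionally write input to it, classify the outcome. */
int run_and_feed(const char *cmd, const char *mode, const char *input)
{
    FILE *f = popen(cmd, mode);
    if (f == NULL) {
        /* popen() itself failed: pipe/fork error, or a mode the libc rejects.
           Returning here is what keeps a NULL stream away from fprintf(). */
        fprintf(stderr, "popen(\"%s\", \"%s\"): %s\n", cmd, mode, strerror(errno));
        return RUN_PIPE_ERROR;
    }

    /* The child may exit before we write; ignore SIGPIPE so the write fails
       with EPIPE instead of killing this process. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    if (input != NULL && mode[0] == 'w')
        fputs(input, f);
    int status = pclose(f);            /* flushes, closes, waits for the shell */
    signal(SIGPIPE, old);

    if (status == -1)
        return RUN_PIPE_ERROR;
    if (WIFEXITED(status)) {
        int code = WEXITSTATUS(status);
        if (code == 126 || code == 127) /* shell: not executable / not found */
            return RUN_NOT_EXECUTED;
        return code == 0 ? RUN_OK : RUN_FAILED;
    }
    return RUN_FAILED;                 /* terminated by a signal */
}

int main(void)
{
    /* Constructed inputs: the thread's command name, then one that exists. */
    printf("ksdjfsdf       -> %d\n", run_and_feed("ksdjfsdf", "w", "foo"));
    printf("cat >/dev/null -> %d\n", run_and_feed("cat >/dev/null", "w", "foo"));
    return 0;
}
```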


