Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Format String Attacks
From: Serguei Patchkovskii <patchkov () UCALGARY CA>
Date: Wed, 13 Sep 2000 11:38:43 -0600

On Wed, 13 Sep 2000, Doug Hughes wrote:

Since I don't recall anybody else posting one, here is a simple, generic,
setuid wrapper that people could use around, for instance, /usr/bin/eject
or other setuid programs.

Yeah, it will certainly make it unnecessary to go through the bother of
exploiting any of the format string bugs. However, it is quite unlikely
to make your systems any safer:

#include <unistd.h>

main( int argc, char *argv[] )
execl( argv[1], "./gotcha", NULL ) ;

#include <stdio.h>
#include <stdlib.h>

main (int argc, char *argv[]) {

      char *origfile;
      char *envp[1] = { (char *) NULL };

      if ((origfile = (char *) malloc(strlen(argv[0])+6)) == NULL) {
              perror("allocating memory");
      strcpy(origfile, argv[0]);
      strcat(origfile, ".orig");

      execve(origfile, argv, envp);

Home page: http://www.cobalt.chem.ucalgary.ca/ps/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]