Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Format String Attacks
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 15 Sep 2000 09:15:45 +0200

Note that perror() itself may perform localization on some platforms and
under some circumstances (e.g., if compiled with -lintl under Solaris).

perror() is always localized; -lintl isn't an actual library since
Solaris 2.5 when it was merged into libc.

I don't know whether it's exploitable in practice, but it appears to me
as though this wrapper could suffer, at least theoretically, from the
same weakness as the programs it's trying to protect.

That one isn't; no printf is involved in perror().
(It's gettext(strerror(errno)) written with write)

Of course, there are two other gaping holes in the wrapper, so
that point is a bit moot.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]