Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Execution Flow Control (EFC)

From: Jarlin <jarlin () ifrance com>
Date: Sat, 16 Aug 2003 21:39:15 +0100



PROS AND CONS OF EFC.

1. Can protect against known or unknown vulnerabilities.

Ok, with that in mind, lets see how well it stands up to "unknown"
attacks...

I'm not one to judge product quality based (partially or otherwise) on
past or current programming mistakes, but if I was, I'd say that
something like:

for(i=0;arg[i]; i++) {
        if ((strncmp(arg[i], "/etc/shadow",11) == 0) ||
                (strncmp(arg[i], "shadow",6) == 0)) {
                        write(1,"arg cannot be shadow\n", 21);
                        return 0;
        }
}

is a pretty poor way of making sure people don't play with your shadow
file.  There are many possibilities here, but the bottom line is that
the webserver had a poorly written CGI application and EFC didn't seem
to do much in the way of stopping someone from exploiting it and
stealing the shadow file.

just what I have done , do a "more /etc/shadoz~" in the webshell.cgi ...


fwiw,

-jon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France





--
Jarlin l'enchanteur
_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: