Re: GZEXE - the big problem

From: Theo de Raadt (deraadtat_private)
Date: Sat Jan 31 1998 - 10:07:01 PST

Next message: Rafal Wojtczuk: "Defeating Solar Designer non-executable stack patch"

Previous message: RHS Linux User: "Bug in IMail's pop3d32.exe"
Maybe in reply to: Michał Zalewski: "GZEXE - the big problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> GZEXE, part of gzip package, is a small utility which allows
> 'transparent' compressio any kind of executables (just like pklite
> under ms-dos). Unfortunatelly, it may be extremally dangerous. Here's
> the shell script used to decompression:
>
> if /usr/bin/tail +$skip $0 | "/usr/bin"/gzip -cd > /tmp/gztmp$$; then...
> [...]                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/gztmp$$ ${1+"$@"}; res=3D$?
> ^^^^^^^^^^^^

This /tmp race was fixed in the OpenBSD back in August... looks like
OpenBSD 2.2 is not vulnerable.

Next message: Rafal Wojtczuk: "Defeating Solar Designer non-executable stack patch"
Previous message: RHS Linux User: "Bug in IMail's pop3d32.exe"
Maybe in reply to: Michał Zalewski: "GZEXE - the big problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:17 PDT