AFAIK no one suggested yet that trusted path implementations like the ones in recent Phrack issues can be trivially broken with perl XS modules. A step by step guide to convert your favourite exploits can be found in perlxstut(1p).

Another way to execute your code in a trusted path environment is exploiting the ability of some programs (e.g. BitchX) to link shared objects at run time from a predefined set or even user-supplied ones. libdl looks at $LD_LIBRARY_PATH too, so the user can supply his own directory with a shared object containing arbitrary code.

--
ciao,
Marco
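As a mitigation for the run-time linking problem raised above, a program that loads shared objects can apply a trusted-path test itself before calling dlopen(). The sketch below is an added example, not code from the post or from any Phrack patch; the rule it assumes (root-owned, not writable by group or other, for the file and every ancestor directory) and the names `st_trusted` and `tpe_path_ok` are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Assumed trusted-path rule: owned by root, not writable by group or other. */
static int st_trusted(uid_t uid, mode_t mode)
{
    return uid == 0 && !(mode & (S_IWGRP | S_IWOTH));
}

/* Returns 1 if path is absolute and the object plus every ancestor directory
 * pass st_trusted(), else 0. Names without a leading '/' are refused because
 * the dynamic loader would search $LD_LIBRARY_PATH for them. */
static int tpe_path_ok(const char *path)
{
    char real[PATH_MAX];
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;
    if (realpath(path, real) == NULL)   /* resolves symlinks and ".." */
        return 0;
    if (stat("/", &st) != 0 || !st_trusted(st.st_uid, st.st_mode))
        return 0;
    for (char *p = real + 1; ; p++) {
        if (*p != '/' && *p != '\0')
            continue;
        char saved = *p;
        *p = '\0';                      /* check the prefix that ends here */
        int ok = stat(real, &st) == 0 && st_trusted(st.st_uid, st.st_mode);
        *p = saved;
        if (!ok)
            return 0;
        if (saved == '\0')
            return 1;
    }
}

int main(int argc, char **argv)
{
    /* Print the verdict for each candidate shared object named on the command line. */
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], tpe_path_ok(argv[i]) ? "trusted" : "refused");
    return 0;
}
```

The check and the later dlopen() are separate steps, so the result only holds if every checked directory really is writable by root alone.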
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:02 PDT