Re: Babcia Padlina Ltd. security advisory: mars_nwe bu

From: Przemyslaw Frasunek (venglinat_private)
Date: Fri Sep 03 1999 - 09:27:00 PDT


    On 02-Sep-99 Taneli Huuskonen wrote:
    
    > +  snprintf(command, sizeof(command)-1, "mv %s %s 2>&1 >/dev/null" , oldname,
    > newname);
    >    return(system(command));
    >  }
    >
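Review bot: oldname and newname are pasted unquoted into the shell command in the added snprintf() line, so if either name can be influenced by a user, any metacharacter in it is interpreted by the shell once system() runs the string; drop the shell and call rename(2) on the two names directly, or fork and execv mv with an argument vector if a cross-device move is needed. Two smaller points on the same line: the snprintf() return value is not checked, so an over-long pair of names gives a silently truncated command that is still executed, and "2>&1 >/dev/null" leaves stderr on the original stdout, so it should read ">/dev/null 2>&1" if both streams are meant to be discarded.
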
    > Without seeing the context, I can't say for sure, but this looks like a
    > hole big enough to drive a truck through  -  calling system( ) with
    > user-supplied arguments.  If this code is running with superuser
    > privileges and shell metacharacters haven't been removed very carefully,
    > there's going to be a trivial exploit.
    
    Oh, I've looked at the code, and the function that contains that system() isn't ever
    used. :)
    
    - ---
    * Fido: 2:480/124 ** WWW: FreeBSD.lublin.pl/~venglin ** GSM: +48-601-383657 *
    * Inet: venglinat_private ** PGP: D48684904685DF43 EA93AFA13BE170BF *
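
The concern raised in the quoted reply, as an added example that is not part of the original message or of mars_nwe: the same move done with rename(2), and with execv only for the cross-device case, so no shell ever parses the names. The names move_file and demo_hostile_name and the /bin/mv path are assumptions.

```c
/* Added example, not mars_nwe code. move_file() and demo_hostile_name() are
 * hypothetical names; /bin/mv as the location of mv is an assumption. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Move a file without a shell. rename(2) takes both names as plain bytes, so
 * ';', '$', '`' and spaces mean nothing. Returns 0 on success, -1 on error. */
int move_file(const char *oldname, const char *newname)
{
    int status;
    pid_t pid;
    if (rename(oldname, newname) == 0)
        return 0;
    if (errno != EXDEV)              /* only a cross-device move needs mv */
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* argv reaches mv unparsed; "--" keeps a leading '-' from being an option */
        char *const argv[] = { "mv", "--", (char *)oldname, (char *)newname, NULL };
        execv("/bin/mv", argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Constructed input: a name made of shell metacharacters is moved literally.
 * Returns 0 if the file ends up under the new name and the old one is gone. */
int demo_hostile_name(void)
{
    char dir[] = "/tmp/mvdemoXXXXXX", src[128], dst[128];
    FILE *f;
    int ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(src, sizeof src, "%s/a;echo INJECTED;#", dir);
    snprintf(dst, sizeof dst, "%s/$(id) `id` b", dir);
    if ((f = fopen(src, "w")) == NULL)
        return -1;
    fclose(f);
    ok = move_file(src, dst) == 0 && access(dst, F_OK) == 0 && access(src, F_OK) != 0;
    unlink(dst);
    rmdir(dir);
    return ok ? 0 : -1;
}
```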
    
    


