On 01-Mar-2000 Derek Callaway wrote: > (gdb) #0 getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88 >>From this gdb session, it appears that there _could_ be a problem with > the way that glibc's time functions behave. No. getenv() fails because *envp, argc, **argv are AFTER pathname[] buffer and gets overwritten. Of course, it is still exploitable. -- * Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE * * Inet: venglinat_private ** PGP: D48684904685DF43 EA93AFA13BE170BF *
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:41 PDT