gm4 format strings on OSX

From: dotslashat_private
Date: Sat Oct 20 2001 - 12:22:31 PDT

Next message: Georgi Guninski: "Javascript in IE may spoof the whole screen"

Previous message: Ryan Tucker: "Re: Mac OS X setuid root security hole"
Next in thread: Peter Pentchev: "Re: gm4 format strings on OSX"
Reply: Peter Pentchev: "Re: gm4 format strings on OSX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This in itself is not an issue due to the lack of a suid bit... however 
if I remember correctly there were a few linux suid root binaries that 
were reliant
upon m4 in some way or another thus making them vulnerable to a local 
root expoit. This is on osx 10.1.

[OSXBOX:~] elguapo% ls -al `which m4`
-r-xr-xr-x  1 root  wheel  26696 Sep  2 20:59 /usr/bin/m4
[OSXBOX:~] elguapo% ls -al `which gm4`
-rwxr-xr-x  1 root  wheel  97464 Sep  2 20:53 /usr/bin/gm4
[OSXBOX:~] elguapo% m4 %p
m4: %p: No such file or directory
[OSXBOX:~] elguapo% gm4 %p
gm4: 0x4f4d453d: No such file or directory
[OSXBOX:~] elguapo% gm4 %s
gm4: Memory bounds violation detected (SIGSEGV).  Either a stack overflow
occurred, or there is a bug in gm4.  Check for possible infinite 
recursion.
Segmentation fault

-KF

Next message: Georgi Guninski: "Javascript in IE may spoof the whole screen"
Previous message: Ryan Tucker: "Re: Mac OS X setuid root security hole"
Next in thread: Peter Pentchev: "Re: gm4 format strings on OSX"
Reply: Peter Pentchev: "Re: gm4 format strings on OSX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Oct 21 2001 - 09:42:08 PDT