Re: TCSH problems?

From: KF (dotslashat_private)
Date: Wed Jun 06 2001 - 04:33:16 PDT

Next message: KF: "Re: TCSH problems?"

Previous message: KF: "Re: nonsuid overflows... still at risk?"
In reply to: Alex: "Re: TCSH problems?"
Next in thread: KF: "Re: TCSH problems?"
Next in thread: Nasko Oskov: "Re: TCSH problems?"
Reply: KF: "Re: TCSH problems?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yeah see my post from a few hours before... titled "bash overflows"

I have seen at least one post for linux bash overflows but not much
follow up for other OS's.
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%
3D1%26tid%3D13697%26end%3D2001-06-09%26threads%3D0%26start%3D2001-06-03%26
This seems to affect bash and csh and tcsh on SCO and SunOS both.

... gdb dumps are provided with my mailing... 
-KF 

Alex wrote:
> 
>         After some ktracing, and code auditing by myself and a colleague,
> we believe the problem *may* infact be in libc's setenv() and getenv()
> functions.  We were able to duplicate the bug on various platforms, mostly
> causing signal 6s and dumping cores.  Feedback would be appreciated
> 
> > > setenv HOME `perl -e 'print "/" x 10000'`
> 
>                                         ^ Length varies from 1024-10000
> for effectiveness on diffrent OSes.
> 
> -Alex

Next message: KF: "Re: TCSH problems?"
Previous message: KF: "Re: nonsuid overflows... still at risk?"
In reply to: Alex: "Re: TCSH problems?"
Next in thread: KF: "Re: TCSH problems?"
Next in thread: Nasko Oskov: "Re: TCSH problems?"
Reply: KF: "Re: TCSH problems?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 11:32:31 PDT