Re: Potential hole in Ettercap 0.6.2

From: ALoR (Alorat_private)
Date: Tue Dec 04 2001 - 14:36:04 PST


    At 16.44 04-12-2001, you wrote:
    
    >among other problems. analysis of the gobbles exploit [1] shows its abuse
    >of the update process that gets done. in src/ec_main.c:
    >{cut}
    >so i set my path to be .:$PATH and make my own wget, and what gets
    >executed is ./wget. an example one i got to work is:
    >
    >         #!/bin/sh
    >         id
    >
    >it honors the permissions of the caller ... this is just executing
    >ettercap -v, the update path ...
    
    I supposed that ettercap was already run by root...
    btw I can drop the super user privileges during the system().
    
             setuid(getuid());
             setgid(getgid());
             system(wget);
    
    is it ok ?
    
    
    >yeah. there are some format string problems. and there are probably a
    >bunch of other problems. the one gobbles was seeing was likely caused by
    >the error function 'void Error_msg(char *message, ...)' which doesn't do
    >any formatting.
    
    Error_msg() is ok, it was in the Interface_WExit() the problem.
    
    >you have many issues to fix in the code, it appears. i would disable the
    
    yes, we know that, but ettercap was coded to prove some ARP insecurity, not 
    to make a commercial software... ;)
    
    >suid option. yeah, it's moronic to install it suid root. however even
    >marginally respecting it (and dropping your priv checks) is a bad idea
    >until you can more aggressively audit the code, a time consuming process,
    >yes. it's a nice tool, i hope you can fix the problems in it.
    
    I hope too... with the help of everyone who finds a bug in it.
    Not as gobbles said, without telling us the bugs because we have to find 
    them ourselves.
    This is a leet way of thinking and not a good way to improve the community.
    
    bye
    
        --==> ALoR <==---------------------- -  -   -
    
      ettercap project : http://ettercap.sourceforge.net
      e-mail: alor (at) users (dot) sourceforge (dot) net
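
The drop-then-execute idea from the reply above, as an added example that is not part of the original message or of ettercap's code: privileges are dropped group-first with checked return values, and the helper is run by absolute path with a fixed environment instead of `system()`, so a caller's `PATH` such as `.:$PATH` is never consulted. The names `drop_privs` and `run_helper`, and `/bin/sh` standing in for the updater binary, are assumptions for illustration.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop set-uid/set-gid privileges. Group first: once the
 * effective uid is no longer 0, setgid() to another gid would fail. */
static int drop_privs(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* the drop must be irreversible */
        return -1;
    return 0;
}

/* Run a helper by absolute path with a fixed environment, so the caller's
 * PATH (e.g. ".:$PATH") cannot substitute another binary.
 * Returns the helper's exit status, or -1 on failure. */
static int run_helper(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                    /* refuse PATH-relative names */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {                   /* child */
        if (drop_privs() != 0)
            _exit(126);
        execve(abs_path, argv, clean_env);
        _exit(127);                   /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo: /bin/sh stands in for the updater binary. */
    char *const argv[] = { "sh", "-c", "echo helper sees PATH=$PATH", NULL };
    setenv("PATH", ".:/tmp", 1);      /* hostile caller environment */
    return run_helper("/bin/sh", argv) == 0 ? 0 : 1;
}
```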
    


