At 16.44 04-12-2001, you wrote:

>among other problems. analysis of the gobbles exploit [1] shows its abuse
>of the update process that gets done. in src/ec_main.c:

>{cut}

>so i set my path to be .:$PATH and make my own wget, and what gets
>executed is ./wget. an example one i got to work is:
>
> #!/bin/sh
> id
>
>it honors the permissions of the caller ... this is just executing
>ettercap -v, the update path ...

I supposed that ettercap was already run by root...
btw I can drop the super user privileges during the system().

    setuid(getuid());
    setgid(getgid());
    system(wget);

is it ok ?

>yeah. there are some format string problems. and there are probably a
>bunch of other problems. the one gobbles was seeing was likely caused by
>the error function 'void Error_msg(char *message, ...)' which doesn't do
>any formatting.

Error_msg() is ok, the problem was in Interface_WExit().

>you have many issues to fix in the code, it appears. i would disable the

yes, we know that, but ettercap was coded to prove some ARP insecurity, not to make commercial software... ;)

>suid option. yeah, it's moronic to install it suid root. however even
>marginally respecting it (and dropping your priv checks) is a bad idea
>until you can more aggressively audit the code, a time consuming process,
>yes. it's a nice tool, i hope you can fix the problems in it.

I hope so too... with the help of everyone who finds a bug in it. Not as gobbles said, without telling us the bugs because we have to find them ourselves. This is a leet way of thinking and not a good way to improve the community.

bye

--==> ALoR <==---------------------- - - -

ettercap project : http://ettercap.sourceforge.net
e-mail: alor (at) users (dot) sourceforge (dot) net
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 14:51:45 PST