In the wise words of Rodrigo Barbosa: > On Thu, Feb 21, 2002 at 09:54:39AM +0000, Wodahs Latigid wrote: > > > Again, on Conectiva Linux snapshot: > > > > > > frodo [/home/rodrigob] > slocate abc -oMoP > > > fatal error: slocate: Must specify an 'Update' database option first. > > > frodo [/home/rodrigob] > ls -lap MoP > > > ls: MoP: No such file or directory > > Just out of curiosity, if you give it the > > required option (the 'Update' database > > option), plus the -o option, does it > > still not create the file? > > Yes, the file is created. But as far as I undertood the docs, this is > the expected behaviour. > And reading about the tests of the other list subscribers, looks like > there is no system with any file writable by group slocate. > Now, the question remains: is it possible to compromisse anything with > it ? At first glance, I'm tempted to say "no". Welp, it does seem like auditting the code might prove fruitful. If they can make that mistake, perhaps there's another overflow, possibly in code that takes filenames in from directories. Filenames would definitely constitute user input. My thought is to look at the size of the buffer and look at the maximum allowable filesize under the different filesystems now supported under each operating system its been ported to. Since the Solaris support is only 9 months old, one might get lucky there. - Jay
This archive was generated by hypermail 2b30 : Sun Feb 24 2002 - 19:57:37 PST