Re: Buffer overflow in awk

From: Rui Miguel Silva Seabra (rmsat_private)
Date: Fri Mar 15 2002 - 15:17:20 PST

Next message: NoCoNFLiC: "FW: [Re: Rather large MSIE-hole] another variant"

Previous message: Russell Handorf: "Re: Wireless Legality- Netstumbler and kin"
In reply to: sekureat_private: "Re: Buffer overflow in awk"
Next in thread: wu2ftpd-ovich: "Re: Buffer overflow in awk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2002-03-15 at 18:39, sekureat_private wrote:
> In my Debian Potato r5 and Conectiva Linux 7 it worked too! 
> But i would ask the some thing, why find a bug in awk and exploit it ? 
> 1) It isn't suid root in linux.
> 2) doesn't used in web applications
> Then, why exploit it ?

Simple: awk is such a basic application that's likely being used in many
scripts, some of which, probably, as root.

It doesn't need being suid. All it needs is being run by root.
If something's suid, it just means that anyone that can execute, will
run the program as if he was the owner (usually root on system
binaries).

Hugs, rui

-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Ghandi
+ So let's do it...?

application/pgp-signature attachment: This is a digitally signed message part

Next message: NoCoNFLiC: "FW: [Re: Rather large MSIE-hole] another variant"
Previous message: Russell Handorf: "Re: Wireless Legality- Netstumbler and kin"
In reply to: sekureat_private: "Re: Buffer overflow in awk"
Next in thread: wu2ftpd-ovich: "Re: Buffer overflow in awk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 16:38:53 PST