On Fri, 15 Mar 2002, Kurt Seifried wrote: > So you are willing to guarentee to us that this awk bug will never be > exploitable by an attacker in any circumstance? Cool. Oh wait, that's > totally bogus. No. I can guarantee that a person who can pass arbitrary values to awk's -f option controls the account running such an instance of (GNU) awk without having to resort to the buffer overflow being discussed. Just try those two commands: echo 'BEGIN {system("command of your choice")}' > /tmp/blah awk -f blah Or this single command: echo 'BEGIN {system("command of your choice")}' | awk -f /dev/stdin Of course, the buffer overflow is a bug and it should be fixed. But it is not a real security hole because -f's parameter is a trusted input channel. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 21:35:55 PST