[37896] in bugtraq


Re: DJB's students release 44 *nix software vulnerability advisories

daemon@ATHENA.MIT.EDU (Casper.Dik@Sun.COM)
Wed Dec 22 15:52:36 2004

Message-Id: <200412221756.iBMHuIMa028075@vaticaan.Holland.Sun.COM>
From: Casper.Dik@Sun.COM
To: Jonathan Rockway <jrockw2@uic.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <A938F918-53CC-11D9-88EF-000D932F57A2@uic.edu> 
Date: Wed, 22 Dec 2004 18:56:18 +0100


>/bin/sh exists to run shell commands.  That is the purpose of the 
>shell.  NASM, on the other hand, is designed to create object files 
>from assembly files.  If NASM starts running arbitrary code on your 
>machine, it's doing something unauthorized.  That is a security hole.  
>By typing "nasm file.S" you are not intending to authorize the author 
>of file.S to take over your account, right?

What other purpose does NASM have other than to compile code
and then, implicitly, run it?

I could buy the argument for a web browser or a word processor;
but an assembler or compiler?

>Also, could you please show me this shell script you speak of?  All the 
>shell scripts I know of that give me root access require me to type the 
>root password.   If you have found a way around this, then you are 
>correct, "every UNIX system on Earth has a remote hole". :)

Any script which exploits a local security hole would do.

>Setting buff[1023] to '\0' is a good idea, since vsnprintf won't do 
>that if vsprintf(buff, fmt, args) generates 1024 bytes.

You should have paid better attention in class.

Casper
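
The vsnprintf case debated in the last quoted paragraph, as an added example that is not part of the original message: a C99-conforming vsnprintf called with a non-zero size always writes a terminating NUL and returns the length the full output would have had, so truncation is detected from the return value. The names format_checked and stored_len are hypothetical, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 1024  /* same size as the buff[1023] case in the quoted text */

/* Hypothetical helper: format into dst and report truncation.
 * Returns 0 if the output fit, 1 if it was truncated, -1 on error. */
static int format_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list args;
    int n;

    va_start(args, fmt);
    n = vsnprintf(dst, size, fmt, args);
    va_end(args);

    if (n < 0)
        return -1;
    /* n is the length the complete output needs, excluding the NUL */
    return (size_t)n >= size ? 1 : 0;
}

/* Constructed input: request exactly `len` characters of output, then
 * return the index of the first NUL inside the buffer, or -1 if none.
 * The buffer is pre-filled with 'X' so a missing terminator would show. */
static long stored_len(int len, int *truncated)
{
    char buff[BUFF_SIZE];
    const char *nul;

    memset(buff, 'X', sizeof buff);
    *truncated = format_checked(buff, sizeof buff, "%*s", len, "");
    nul = memchr(buff, '\0', sizeof buff);
    return nul ? (long)(nul - buff) : -1;
}

int main(void)
{
    int lens[] = { 10, 1023, 1024, 5000 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int t;
        long stored = stored_len(lens[i], &t);
        printf("asked=%d stored=%ld truncated=%d\n", lens[i], stored, t);
    }
    return 0;
}
```

Microsoft's _vsnprintf does not write the terminator when the output fills the buffer, which is the kind of implementation the defensive buff[1023] = '\0' idiom guards against.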
