[2721] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: system() call in suid programs

daemon@ATHENA.MIT.EDU (Jude Poole)
Fri Jun 14 14:14:38 1996

Date: 	Fri, 14 Jun 1996 09:34:15 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jude Poole <jude@jeeves.ucsd.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Steve,

Exploits basically try to get quotes, semicolons etc into a string used
as an argument to the system call.  Since the system call argumnent is
basically a call to a shell you can do arbitrary nasty things.

Jude


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2721] in bugtraq

Re: system() call in suid programs

daemon@ATHENA.MIT.EDU (Jude Poole)Fri Jun 14 14:14:38 1996

daemon@ATHENA.MIT.EDU (Jude Poole)
Fri Jun 14 14:14:38 1996