Date: Tue, 18 Mar 2003 22:23:12 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Fabio Miranda Hamburger <fabmirha@ns.isi.ulatina.ac.cr> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Offtopic Message-ID: <20030318202312.GE1825@gothmog.gr> In-Reply-To: <Pine.LNX.4.44.0303181314590.32236-100000@ns.isi.ulatina.ac.cr> References: <Pine.LNX.4.44.0303181314590.32236-100000@ns.isi.ulatina.ac.cr>
next in thread | previous in thread | raw e-mail | index | archive | help
Redirected to -questions; -chat is not the list for general questions. On 2003-03-18 13:20, Fabio Miranda Hamburger <fabmirha@ns.isi.ulatina.ac.cr> wrote: > Hi, I have a couple of question: > > 1. A technique for an intruder to keep a root account was creating a > stuid root shell, that is not possible on FreeBSD nowadays, Why is > not possible? How a program like sudo can do that? Foe example, If > i am a sudo 'full admin' I can do this without passwd: > %sudo su > # sudo is already a setuid program. You can't create a setuid root program unless you are already root. > 2. I coded a program that read a wordlist and prints them: > char str1[64]; > ... > while(!(feof(FooPtr)){ > fscanf(FooPtr,"%s\n",str1); > .. > printf("%c",str1[x]); > ... > > If the "character" I going to printf is alpha or numeric, there is > NO problem, but if i am going to print an space, it core dumps... > Why this happens? How can I solve this? We'd have to see the full source to the program. There are a few points about the fragments that I can read so far that are probably worth mentioning, like "don't use fscanf with %s without a limit for %s"... but you should really post the full text of the smallest program that exhibits the problem before anyone could make meaningful comments about why the particular program breaks. - Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030318202312.GE1825>