Date: Tue, 18 Mar 2003 22:23:12 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Fabio Miranda Hamburger <fabmirha@ns.isi.ulatina.ac.cr> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Offtopic Message-ID: <20030318202312.GE1825@gothmog.gr> In-Reply-To: <Pine.LNX.4.44.0303181314590.32236-100000@ns.isi.ulatina.ac.cr> References: <Pine.LNX.4.44.0303181314590.32236-100000@ns.isi.ulatina.ac.cr>
next in thread | previous in thread | raw e-mail | index | archive | help
Redirected to -questions; -chat is not the list for general questions.
On 2003-03-18 13:20, Fabio Miranda Hamburger <fabmirha@ns.isi.ulatina.ac.cr> wrote:
> Hi, I have a couple of question:
>
> 1. A technique for an intruder to keep a root account was creating a
> stuid root shell, that is not possible on FreeBSD nowadays, Why is
> not possible? How a program like sudo can do that? Foe example, If
> i am a sudo 'full admin' I can do this without passwd:
> %sudo su
> #
sudo is already a setuid program. You can't create a setuid root
program unless you are already root.
> 2. I coded a program that read a wordlist and prints them:
> char str1[64];
> ...
> while(!(feof(FooPtr)){
> fscanf(FooPtr,"%s\n",str1);
> ..
> printf("%c",str1[x]);
> ...
>
> If the "character" I going to printf is alpha or numeric, there is
> NO problem, but if i am going to print an space, it core dumps...
> Why this happens? How can I solve this?
We'd have to see the full source to the program. There are a few
points about the fragments that I can read so far that are probably
worth mentioning, like "don't use fscanf with %s without a limit for
%s"... but you should really post the full text of the smallest
program that exhibits the problem before anyone could make meaningful
comments about why the particular program breaks.
- Giorgos
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030318202312.GE1825>