Date: Thu, 2 Dec 1999 07:54:52 +1100 From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au> To: Thomas Stromberg <tstromberg@rtci.com> Cc: freebsd-audit@FreeBSD.ORG Subject: Re: Where to start? Heres a few overflows. (smashwidgets) Message-ID: <99Dec2.074732est.40322@border.alcanet.com.au> In-Reply-To: <38452E6B.C820BD4A@rtci.com> References: <199912010552.HAA19929@gratis.grondar.za> <38452E6B.C820BD4A@rtci.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1999-Dec-02 01:19:23 +1100, Thomas Stromberg wrote: >Can't get it yet I'm afraid. Once I can finish the base tool, I still >need to get approval to release this to the public domain since it was >developed through my employment. This shouldn't be a big hurdle. I >should be able to post a copy up on a webpage early next week. I'll >continue to post results in this list however. Good. This sounds quite useful. > I wish system() would return a pid or something. Since system() blocks until the child exit()s, the pid wouldn't be much use. Why not build it yourself using fork()/exec()? >Things I compile under Solaris with gcc leave the enviroment variables >in plain text in the binary, but not say, >/usr/openwin/bin/kcms_configure or any of the other base toolset. Most X11 environment variables are actually in the shared libraries. I suspect the same is true for KDE. You'll need to use ldd to pick out the shared libraries and then run strings over them. (This isn't the best approach because there's nothing to indicate which parts of the shared library are actually used). You also have the problem that the names of environment variables may be created on the fly (eg browser proxy environment variables). > Whats >a nice automated way to find out what enviroment variables are used by a >binary? truss was no help here it seems. truss (and ktrace) won't work because the environment is in user space and doesn't generate any system calls. > Maybe some gdb wizardry..? You could put a breakpoint on getenv() and check the passed argument. The list you get in this way may not reflect all the environment variables potentially used, of course. An alternative would be to build your own libc.so with a replaced getenv() [and friends]. This still won't work for statically linked programs or for programs that grovel around in envp themselves. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99Dec2.074732est.40322>