Date: Tue, 7 Dec 1999 13:57:59 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: tstromberg@rtci.com
Cc: freebsd-audit@freebsd.org
Subject: Re: 10 more overflows (minor)
Message-ID: <Pine.BSF.3.96.991207135548.16441E-100000@fledge.watson.org>
In-Reply-To: <84723845.944586353513.JavaMail.chenresig@karma>

Those ones in dump/etc are nasty. :-)

So, right now you grab environment information from the binaries, but you could also instrument libc (and others) to report on their use of getenv/etc to some logging mechanism, and then attempt to exploit the ones used. This would help you in situations (that might exist) where the program uses variable string pointers to call getenv.

Also, with the fts_ stuff a while back, that raises the issue of long filenames as a potential source of suffering. Not sure how easy that would be to test, but really suggests a libc test harness (or syscall test harness) that causes unpleasantness for processes running in it.

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
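Added example, not part of the original message and not FreeBSD libc code: a small getenv() interposer of the kind the message suggests, which records each distinct name a process asks for at run time, so names built from variable strings are captured as well as the literals visible in the binary. The names `audit_getenv` and `BUILD_SHIM`, the `getenv_audit:` log prefix and the table limits are assumptions made for this sketch, and it assumes a single-threaded target on a system that honors `LD_PRELOAD`.

```c
/* Added example: record each distinct name a program passes to getenv().
 * Shim build (assumes an ELF system whose runtime linker honors LD_PRELOAD):
 *   cc -shared -fPIC -DBUILD_SHIM -o getenv_audit.so getenv_audit.c
 *   LD_PRELOAD=./getenv_audit.so ./program-under-audit 2>getenv.log        */
#include <stdio.h>
#include <string.h>

extern char **environ;
#define MAX_NAMES 64                  /* hypothetical limits for the sketch */
#define MAX_LEN   128                 /* longer names are stored truncated  */
static char seen[MAX_NAMES][MAX_LEN];
static int  nseen, in_hook;           /* not thread-safe: single-threaded use */

/* Scan environ directly so the hook never needs the real getenv(). */
static char *env_lookup(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || strchr(name, '=') || !environ)
        return NULL;
    for (char **e = environ; *e; e++)
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            return *e + n + 1;
    return NULL;
}

/* Remember a name once. Returns 1 if new, 0 if already seen or table full. */
static int record_name(const char *name)
{
    for (int i = 0; i < nseen; i++)
        if (strncmp(seen[i], name, MAX_LEN - 1) == 0)
            return 0;
    if (nseen == MAX_NAMES)
        return 0;
    snprintf(seen[nseen++], MAX_LEN, "%s", name);
    return 1;
}

/* Log the requested name (set or not), then answer like getenv() would. */
char *audit_getenv(const char *name)
{
    if (name == NULL) return NULL;
    if (!in_hook) {                   /* guard: stdio may itself call getenv */
        in_hook = 1;
        if (record_name(name))
            fprintf(stderr, "getenv_audit: %.*s\n", MAX_LEN - 1, name);
        in_hook = 0;
    }
    return env_lookup(name);
}

#ifdef BUILD_SHIM
char *getenv(const char *name) { return audit_getenv(name); }
#endif
```

The runtime linker ignores `LD_PRELOAD` for set-user-ID programs, so a setuid binary has to be audited as a non-setuid copy.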