Date: Fri, 14 Feb 2003 18:41:17 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: pura life CR <puralifecr@hotmail.com> Cc: freebsd-chat@freebsd.org Subject: Re: 2 Misc questions Message-ID: <3E4DA8CD.48E77D9F@mindspring.com> References: <F36UzmRf6Ci6nx8dyDd0001948d@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
pura life CR wrote:
> 1. is this suid root code exploitable with a buffer overflow technique:
> /* foo.c */
> main(int argc, char *argv[]){
> ...
> setuid(0)
> ...
> if ( ((strcmp(argv[i],"foo")) == 0)
> || ((strcmp(argv[i],"bar")) == 0) )
> ....
> }
I depends on what's in the second "..." or "....". 8-) 8-). The
strcmp's along are not explotable, since both compares stop at the
4th byte in.
> 2. how can I redirect stderr to /dev/null? for example when I am 'finding' a
> file in the whole dir tree I dont want to look at the "permised denied"
> warning.
> ej: find / -name "foo" -print > /dev/null & <--- how to redict stderr
>
> that's all for now....
Depends on the shell. For /bin/sh, for example, it's:
find / -name "foo" -print > /dev/null 2>&1 &
See the man page for the shell you are using for information specific
to that shell.
-- Terry
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E4DA8CD.48E77D9F>