
Re: SECURITY PROBLEM: autofs [all versions]



On Wed, 5 Jul 2000, Christopher W. Curtis wrote:

> Adam Heath wrote:
> > 
> > On Wed, 5 Jul 2000, Christopher W. Curtis wrote:
> > 
> > > Joey Hess wrote:
> > > >
> > > > Christopher W. Curtis wrote:
> > > > > However:
> > > > >
> > > > > int main()
> > > > > {     FILE *foo = popen( "non-executable.file", "r+ );
> > > > >       fprintf( foo, "hmm" );
> > > > > }
> > > > Hint: '"r+' is not valid C
> > >
> > > Clue: 'is not valid C' isn't even wrong.  It's an unterminated string
> > > constant, plain and simple.
> > 
> > typos can be overlooked.  That isn't the point.
> > 
> > >
> > > > Hint: popen returns NULL if it fails.
> > >
> > > Clue: popen failed because the program couldn't be executed.
> > 
> > Fact: popen can't fail if it wasn't called.

Bah, ignorance was strong in your family.

You said popen failed because the program couldn't be executed.  Which means
that popen is never called.  Something can't fail if it is never called.

Your own logic is self-contradicting.

I have stated earlier that I would upload a 'fix' for the autofs security
'problem' for Debian 2.2r1.  It was implied that if I had to make an upload
for TC3, that the fix would be included.  Now, I won't even attempt this
fix.


----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS d- s: a-- c+++ UL++++ P+ L++++ !E W+ M o+ K- W--- !O M- !V PS--
PE++ Y+ PGP++ t* 5++ X+ tv b+ D++ G e h*! !r z?
-----END GEEK CODE BLOCK-----
----BEGIN PGP INFO----
Adam Heath <doogie@debian.org>        Finger Print | KeyID
67 01 42 93 CA 37 FB 1E    63 C9 80 1D 08 CF 84 0A | DE656B05 PGP
AD46 C888 F587 F8A3 A6DA  3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG
-----END PGP INFO-----
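
How popen() reports a command that cannot be executed, as an added example that is not part of the thread: popen() starts `sh -c`, so a non-executable target shows up in the pclose() status (126, or 127 for a missing command) and every step has to be checked. The temporary file and the helper names `run_checked` and `make_nonexec` are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result of one popen()/pclose() round trip (hypothetical helper type). */
struct popen_result {
    int opened;      /* 1 if popen() returned non-NULL */
    int exit_status; /* shell exit status from pclose(), -1 if unknown */
};

/* Run cmd through popen() in "w" mode (POSIX defines only "r" and "w"). */
static struct popen_result run_checked(const char *cmd)
{
    struct popen_result r = { 0, -1 };
    signal(SIGPIPE, SIG_IGN);   /* writing to a dead child must not kill us */
    FILE *p = popen(cmd, "w");
    if (p == NULL)              /* pipe/fork failure or invalid mode */
        return r;
    r.opened = 1;
    fprintf(p, "hmm\n");        /* buffered; may fail with EPIPE at flush time */
    int st = pclose(p);         /* wait status of the shell that ran cmd */
    if (st != -1 && WIFEXITED(st))
        r.exit_status = WEXITSTATUS(st);
    return r;
}

/* Create a constructed sample file with mode 0644, i.e. no execute bit. */
static int make_nonexec(char *path_template)
{
    int fd = mkstemp(path_template);
    if (fd < 0) return -1;
    if (write(fd, "#!/bin/sh\n", 10) != 10 || fchmod(fd, 0644) != 0) { close(fd); return -1; }
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/nonexec-XXXXXX";
    if (make_nonexec(path) != 0) return 1;
    struct popen_result r = run_checked(path);
    printf("opened=%d exit_status=%d\n", r.opened, r.exit_status);
    unlink(path);
    return 0;
}
```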


