Re: SECURITY PROBLEM: autofs [all versions]
[ I removed a number of people from the To and Cc lines. ]
"Christopher W. Curtis" <ccurtis@aet-usa.com>:
> int main()
> { FILE *foo = popen( "non-executable.file", "r+" );
> fprintf( foo, "hmm" );
> }
This crashes because popen returns NULL, and you use that value without
checking for NULL. This is quite regardless of whether the program
can be executed or not - popen has a large number of reasons why it can
return NULL and anyone not checking the return value deserves to be
eaten alive by bulimic carrier pigeons.

Bug-ridden programs written by hordes of monkeys jumping on keyboards
is not a reason to avoid doing something. In fact, it is a good reason
to do it - to see how amusingly they break so that one can have a good
laugh and can file bug reports with patches to fix the problems.
--
Lars Wirzenius <liw@wapit.com>
Architect, Kannel WAP and SMS Gateway project, Wapit Ltd, http://www.kannel.org
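Added example, not part of the original message: a popen() caller that checks the returned stream before using it and then inspects the pclose() status, because a command the shell cannot run usually surfaces there (exit code 127 or 126) rather than as a NULL stream. The helper name run_checked, the RUN_* codes and the sample commands are hypothetical, constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

enum { RUN_OK = 0, RUN_POPEN_FAILED = -1, RUN_PCLOSE_FAILED = -2, RUN_KILLED = -3 };

/* Hypothetical helper: run cmd via popen(), copy its output into out
 * (NUL-terminated, truncated to outlen-1 bytes; outlen must be > 0) and
 * store the command's exit code. Each failure has its own return value. */
int run_checked(const char *cmd, const char *mode, char *out, size_t outlen,
                int *exit_code)
{
    char chunk[256];
    size_t used = 0, n;

    out[0] = '\0';
    *exit_code = -1;
    FILE *p = popen(cmd, mode);
    if (p == NULL)                /* pipe/fork failure, bad mode, no memory */
        return RUN_POPEN_FAILED;  /* errno says which; never touch p here */
    /* Drain to EOF so the child never blocks on a full pipe; keep what fits. */
    while ((n = fread(chunk, 1, sizeof chunk, p)) > 0) {
        if (n > outlen - 1 - used)
            n = outlen - 1 - used;
        memcpy(out + used, chunk, n);
        used += n;
    }
    out[used] = '\0';
    int status = pclose(p);       /* wait status of the shell that ran cmd */
    if (status == -1)
        return RUN_PCLOSE_FAILED;
    if (!WIFEXITED(status))
        return RUN_KILLED;
    *exit_code = WEXITSTATUS(status);
    return RUN_OK;
}

int main(void)
{
    /* Constructed inputs: working command, missing command, invalid mode. */
    const char *cmd[]  = { "echo hmm", "/nonexistent/constructed-cmd 2>/dev/null", "echo hmm" };
    const char *mode[] = { "r", "r", "x" };
    char out[128];
    int code;
    for (int i = 0; i < 3; i++) {
        int rc = run_checked(cmd[i], mode[i], out, sizeof out, &code);
        printf("%s [%s]: rc=%d exit=%d %s\n", cmd[i], mode[i], rc, code,
               rc == RUN_POPEN_FAILED ? strerror(errno) : "");
    }
    return 0;
}
```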