Re: SECURITY PROBLEM: autofs [all versions]
Joey Hess wrote:
>
> Christopher W. Curtis wrote:
> > However:
> >
> > int main()
> > { FILE *foo = popen( "non-executable.file", "r+ );
> > fprintf( foo, "hmm" );
> > }
>
> Hint: you must #include <stdio.h> to use popen
Clue: both popen and fprintf will run fine without a declaration.
Clue: <stdio.h> needs to be included to typedef FILE
> Hint: '"r+' is not valid C
Clue: 'is not valid C' isn't even wrong. It's an unterminated string
constant, plain and simple.
> Hint: popen returns NULL if it fails.
Clue: popen failed because the program couldn't be executed.
[and the pissing contest ensues...]
Christopher
Reply to: