[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



Joey Hess wrote:
> 
> Christopher W. Curtis wrote:
> > However:
> >
> > int main()
> > {     FILE *foo = popen( "non-executable.file", "r+ );
> >       fprintf( foo, "hmm" );
> > }
> 
> Hint: you must #include <stdio.h> to use popen

Clue: both popen and fprintf will run fine without a declaration.
Clue: <stdio.h> needs to be included to typedef FILE

> Hint: '"r+' is not valid C

Clue: 'is not valid C' isn't even wrong.  It's an unterminated string
constant, plain and simple.

> Hint: popen returns NULL if it fails.

Clue: popen failed because the program couldn't be executed.

[and the pissing contest ensues...]

Christopher



Reply to: