[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



On 05-Jul-00, 17:29 (CDT), "Christopher W. Curtis" <ccurtis@aet-usa.com> wrote: 
> Joey Hess wrote:
> > 
> > Christopher W. Curtis wrote:
> > > However:
> > >
> > > int main()
> > > {     FILE *foo = popen( "non-executable.file", "r+ );
> > >       fprintf( foo, "hmm" );
> > > }
> > 
> > Hint: you must #include <stdio.h> to use popen
> 
> Clue: both popen and fprintf will run fine without a declaration.

Clue: That's not what the standard says. Claims about the behavior of
functions called without a declaration can be justifiably ignored.

> Clue: <stdio.h> needs to be included to typedef FILE

Doesn't this contradict your previous "clue"? How are you going to "use"
popen and fprintf without a FILE *?

> > Hint: popen returns NULL if it fails.
> 
> Clue: popen failed because the program couldn't be executed.

Clue: The presumed point of your example (the behavior of the fprintf()
call) is irrelevant, because you didn't check the value returned by
popen.

No, actually, your example is pointless because it doesn't even compile.

Steve



Reply to: