
Re: mICQ roundup



On Sun, 16 Feb 2003 07:49, Anthony Towns wrote:
> Uh, have you taken a casual look at the source code? It calls a "print"
> function on some strings -- the only way it could exec 'rm -f $HOME'
> is if it's somehow buffer overrunning that print function, or something
> similar. The only thing you can't tell from a casual glance at the source
> code is *what* it's printing.

There are lots of ways of obfuscating an exec of rm.  You could put in 
assembly code to call the system call.  You could have it call system() or 
execve() for some valid purpose and then obfuscate what really happens when 
someone you don't like is running it.

What about deliberately leaving a buffer overflow in the code for the benefit 
of later exploits?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


