Re: mICQ roundup
On Sun, 16 Feb 2003 07:49, Anthony Towns wrote:
> Uh, have you taken a casual look at the source code? It calls a "print"
> function on some strings -- the only way it could exec 'rm -f $HOME'
> is if it's somehow buffer overrunning that print function, or something
> similar. The only thing you can't tell from a casual glance at the source
> code is *what* it's printing.

There are lots of ways of obfuscating an exec of rm. You could put in
assembly code to call the system call. You could have it call system() or
execve() for some valid purpose and then obfuscate what really happens when
someone you don't like is running it.

What about deliberately leaving a buffer overflow in the code for the benefit
of later exploits?

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page