[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY8-F6ekGaLVMoROmq0001b5d6@hotmail.com>
From: downbload at hotmail.com (DownBload / Illegal Instruction Labs)
Subject: LOL, stupid calife maintainer - this can't be true
Hi,
This can't be true...
Imagine this - there is one programmer who doesn't know how to write a
secure code (in fact, there are many of them, but I will give you just one
example).
He doesn't know anything about security, so he decided to write a suid-root
application (good choice).
Name of that app. is calife (http://www.freshports.org/security/calife/).
Name of that "programmer" is Ollivier Robert.
After few minutes of code audit, I found a simple-plain-stupid strcpy() in
authentication process (check vuln-description here:
http://www.securityfocus.com/archive/1/355510/2004-02-25/2004-03-02/0).
I didn't contact him before bugtraq and now he is mad on me...and he said
this:
roberto:
-------------------------------------------------------------------------------------
Fix a potential security problem on Linux/glibc whose getpass(3) apparently
fails with very long passwords leading to a segfault. It may be exploitable.
FreeBSD is *not* vulnerable.
No thanks to: the jerk who posted on bugtraq w/o mailing me beforehand.
-------------------------------------------------------------------------------------
STFU!!!
That isn't linux glibc security problem, there is nothing wrong with
getpass().
DON'T BLAME LINUX GLIBC FOR YOUR LAME PROGRAMMING AND LACK OF SECURITY
KNOWLEDGE.
BTW: I wouldn't allow you to code even hello world program.
Vulnerable code ("glibc problem" ;-) ->
/root/calife-2.8.4c/db.c
------------------------
...
char got_pass = 0;
char * pt_pass, * pt_enc,
* user_pass, * enc_pass, salt [10];
user_pass = (char *) xalloc (l_size);
enc_pass = (char *) xalloc (l_size);
...
for ( i = 0; i < 3; i ++ )
{
pt_pass = (char *) getpass ("Password:");
memset (user_pass, '\0', l_size);
strcpy (user_pass, pt_pass); // <- BAD CODE
pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
memset (enc_pass, '\0', l_size);
strcpy (enc_pass, pt_enc);
}
...
free (user_pass); // <- FUN CODE ;-)
free (enc_pass); // <- FUN CODE ;-)
...
------------------------
My advise - DON'T USE CALIFE - it is VERY buggy - use sudo or super insted.
Bye.
_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail
Powered by blists - more mailing lists