[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
su Password Buffer (again)
|
From: |
agent1 |
|
Subject: |
su Password Buffer (again) |
|
Date: |
Sun, 24 Oct 2004 00:40:02 -0400 (EDT) |
|
User-agent: |
SquirrelMail/1.4.1 |
I posted this awhile back. su has a certain size buffer for the password.
Any data over that buffer is left in the input stream, and fed to the
shell after su exits. This is at this point not a serious issue, but I
think it is an unnecessary evil. A fix is quite simple. Simply change the
password string entered by the user using a substring function, and then
use that string to validate access, as opposed to just leaving the extra
data in the input stream. For anyone that didn't see this the last time I
posted it, see below for an example.
address@hidden su
Password:
su: incorrect password
address@hidden run_pwd
/home/foo
address@hidden
Explanation: On my system, the su password buffer is 206 characters. I
created a simple C++ app to make a system call to "pwd". I created another
C++ app to generate 206 chars. I appended the name of the app I created,
"run_pwd", to the end of the 206 chars, and pasted that as the password to
su.
Zach J. Elko
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- su Password Buffer (again),
agent1 <=