[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Gaim festival plugin exploit

To: Dale Harris <rodmur@maybe.org>
Subject: Re: [Full-Disclosure] Re: Gaim festival plugin exploit
From: merlyn@stonehenge.com (Randal L. Schwartz)
Date: 23 Oct 2003 17:03:08 -0700

>>>>> "Dale" == Dale Harris <rodmur@maybe.org> writes:

Dale> So let me guess  open FEST "|..." uses popen(), right?

No, it doesn't.  It uses its own code, which looks at the string
to see if there are shell constructs, and if not, avoids the
shell by parsing whitespace and args on its own.


-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Re: Gaim festival plugin exploit
  - From: merlyn@stonehenge.com (Randal L. Schwartz)
- RE: [Full-Disclosure] Re: Gaim festival plugin exploit
  - From: "Scott Phelps / Dreamwright Studios" <scottp@dreamwright.com>
- Re: [Full-Disclosure] Re: Gaim festival plugin exploit
  - From: Dale Harris <rodmur@maybe.org>

Prev by Date: Re: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
Next by Date: RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
Previous by thread: Re: [Full-Disclosure] Re: Gaim festival plugin exploit
Next by thread: [Full-Disclosure] Re: Gaim festival plugin exploit
Index(es):
- Date
- Thread