On Mon, Nov 27, 2006 at 04:55:46PM -0500, J. Oquendo wrote: > No it can't. Even if it was rm -rf someone placed in, did you not notice > my grep statement? Only print items with a decimal. At no given point > anywhere on the 13th column whether its Solaris, NetBSD, FreeBSD, would > there be an option for someone to craft anything... J, I realise this is a difficult issue to grasp, but stick with it. Let's say that a ficticious log entry looks like this: DATE ERROR USERNAME ADDRESS PORT And let's say you're trying to print column 4 to get the address. Here's an example: Monday INVALID foobar 123.123.123.123 1024 You print $4 and get 123.123.123.123, excellent. Now lets try logging in as "foo bar". Monday INVALID foo bar 123.123.123.123 1024 Whats in $4 now? That's right, attacker controlled data. > I'll give you addresses if you'd like to take a shot at it. Sure, send them to the list, there are bound to be some takers. Thanks, Tavis. -- ------------------------------------- taviso@xxxxxxxxxxxxxxxx | finger me for my pgp key. -------------------------------------------------------
Attachment:
pgp7bYIA9XrRM.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/