Georg Buesse provided the C program below as a means to allow users
to mount and umount jaz disks.
Randall S. Winchester" <rsw_at_Glue.umd.edu> and
Serguei Patchkovskii" <patchkov_at_ucalgary.ca>
warn that installing this type of program with the suid bit set
would make the system vulnerable to buffer overflow type security
attacks.
Thanks again to everyone who responded.
rich frank
----------------------------------------------------------------------
> #include <stdio.h>
> #include <strings.h>
> #include <usersec.h>
>
> main(argc, argv)
> char *argv[];
> int argc;
> {
> char sys_call[50];
> const char user[] = "root";
> if (argc != 1)
> {
> printf("Bitte Aufrufsyntax beachten! \n");
> printf("z.B:> start_script \n");
> }else {
>
> sprintf(sys_call, "/home/xxxxx/start_script.sh %s \0 ", "");
> printf ("%s \n" , sys_call);
> /*printf ("%s \n", user);*/
> setpcred(user,NULL);
> system (sys_call);
> }
> }
Received on Tue Aug 25 1998 - 14:48:09 NZST