
Re: [Full-Disclosure] Execution Flow Control (EFC)




>
> PROS AND CONS OF EFC.
>
> 1. Can protect against known or unknown vulnerabilities.
>
> Ok, with that in mind, let's see how well it stands up to "unknown"
> attacks...
>
> I'm not one to judge product quality based (partially or otherwise) on
> past or current programming mistakes, but if I was, I'd say that
> something like:
>
> for(i=0;arg[i]; i++) {
> 	if ((strncmp(arg[i], "/etc/shadow",11) == 0) ||
> 		(strncmp(arg[i], "shadow",6) == 0)) {
> 			write(1,"arg cannot be shadow\n", 21);
> 			return 0;
> 	}
> }
>
> is a pretty poor way of making sure people don't play with your shadow
> file.  There are many possibilities here, but the bottom line is that
> the webserver had a poorly written CGI application and EFC didn't seem
> to do much in the way of stopping someone from exploiting it and
> stealing the shadow file.
Just what I have done, do a "more /etc/shadoz~" in the webshell.cgi ...
>
> fwiw,
>
> -jon
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>



-- 
Jarlin l'enchanteur
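
The weakness in the quoted check, as an added example (not code from the thread or from the EFC product): the prefix blacklist compares the raw argument string, while the hardened variant resolves the argument with realpath() and only accepts files under one allowed directory. The function names and the /var/www/data directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700 /* for realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The check quoted in the message: a prefix blacklist on the raw string.
 * It tests how the argument is spelled, not which file it names. */
static int blacklist_allows(const char *arg)
{
    if (strncmp(arg, "/etc/shadow", 11) == 0 || strncmp(arg, "shadow", 6) == 0)
        return 0;
    return 1;
}

/* Hardened form: canonicalise first, then allowlist a single directory.
 * realpath() collapses "." and ".." and follows symlinks, so the
 * comparison is made on the file that would actually be opened. */
static int allowlist_allows(const char *base_dir, const char *arg)
{
    char base[PATH_MAX], target[PATH_MAX];
    size_t n;

    if (realpath(base_dir, base) == NULL || realpath(arg, target) == NULL)
        return 0;                     /* fail closed on any error */
    n = strlen(base);
    if (n == 1 && base[0] == '/')
        return 0;                     /* never accept "/" as the base */
    /* The '/' test keeps /var/www/data2 from matching /var/www/data. */
    return strncmp(target, base, n) == 0 && target[n] == '/';
}

int main(int argc, char **argv)
{
    const char *base = "/var/www/data"; /* hypothetical directory (assumption) */
    int i;

    for (i = 1; i < argc; i++)
        printf("%-32s blacklist=%d allowlist=%d\n", argv[i],
               blacklist_allows(argv[i]), allowlist_allows(base, argv[i]));
    return 0;
}
```

The allowlist check still leaves a window between the check and the later open(); a CGI that needs this in production should open the file first and verify the opened descriptor.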
