
Re: C program not working..



Shridhar Daithankar wrote:

>  gets is reported as dangerous...

gets is a "dangerous" function because there is no array-bounds checking
in it.

A huge string can be input which can overwrite beyond the buffer
allocated to it.
In most cases, it will give you a seg fault and core dump, but if
carefully constructed, the same buffer overflow can be made to overwrite
the stack.

If your program is being run suid root, then the problem becomes
apparent. You can get the suid program using gets() to spawn a
root-shell for you (Yeah, you can get the much desired # prompt!), leading
to system compromise.

finger() used to have it; and the Internet Worm exploited it. The story
goes that when the author of the Internet Worm (then a young college
student) saw the potential for buffer overflow in finger, he got so
excited that he started shouting and jumping!
[anyone knows what he's doing now-a-days? ;) ]

For more details, refer to "Smashing the Stack for Fun and Profit" by
Aleph One [Phrack 51 or so?]. It's religious ;)

Just my 2 cents;)
Rohit

-- 
"The molars, I'm sure, will be all right, the molars can take care of
themselves," the old man said, no longer to me.  "But what will become 
of the bicuspids?"
		-- The Old Man and his Bridge
===========================================================
       R o h i t   R o m e h a r s h a n   S i n g h
                    http://www.rohit.cx
     WORK:rohitsingh@xxxxxxxxxxxxxxx PLAY:rohit@xxxxxxxx