[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: C program not working..

Shridhar Daithankar wrote:

>  gets is reported as dangerous...

gets is a "dangerous" function because there is no array-bounds checking
in it.

A huge string can be input which can overwrite beyond the buffer
allocated to it.
In most cases, it will give you a seg fault and core dump, but if
carefully constructed, the same buffer overflow can be made to overwrite
the stack. 

If your program is being run suid root, then the problem becomes
apparent. You can get the suid program using gets() to spawn a
root-shell for you(Yeah, you can get the much desired # prompt!) leading
to system compromise.

finger() used to have it; and the Internet Worm exploted it. The story
goes that when the author of the Internet Worm (then a young college
student) saw the potential for buffer overflow in finger, he got so
excited that he started shouting and jumbing !
[anyone knows what he's doing now-a-days?;) ]

For more details, refer to "Smashing the Stack for Fun and Profit" by
Aleph One [Phrack 51 or so?]. Its religious;)

Just my 2 cents;)

"The molars, I'm sure, will be all right, the molars can take care of
themselves," the old man said, no longer to me.  "But what will become 
of the bicuspids?"
		-- The Old Man and his Bridge
       R o h i t   R o m e h a r s h a n   S i n g h
     WORK:rohitsingh@xxxxxxxxxxxxxxx PLAY:rohit@xxxxxxxx