On 2014-04-15, Dave Angel wrote:
> Your variable 'size' is declared as size_t, which is an integer
> the size of a pointer.
While that may always be true in practice (at least with gcc), I don't
think the C standard requires it. size_t is guaranteed to be unsigned
with at least 16 bits and suff
On Tue, Apr 15, 2014 at 7:28 PM, Richard Kettlewell
wrote:
> This program is on a security boundary, the pathological cases are
> precisely the ones the attacker looks for.
>
> (It’s hard to see how an attacker could turn this into a useful attack.
> But perhaps the attacker has more imagination
Chris Angelico writes:
> Richard Kettlewell wrote:
>> Ethan Furman writes:
>>> memset(envp_write, 0, ((unsigned int) envp_read -
>>>(unsigned int) envp_write));
>>
>> That is a remarkable blunder for a security-critical program.
>>
>> On a 64-bit platform,
On Tue, Apr 15, 2014 at 6:15 PM, Chris Angelico wrote:
> then two's complement arithmetic will give the right result
> even if the discarded bits differ.
Clarification: Two's complement isn't the only way this could be done,
but it is the most likely. So, in theory, there are several possible
cau
On Tue, Apr 15, 2014 at 6:00 PM, Richard Kettlewell
wrote:
> Ethan Furman writes:
>> memset(envp_write, 0, ((unsigned int) envp_read -
>>(unsigned int) envp_write));
>
> That is a remarkable blunder for a security-critical program.
>
> On a 64-bit platform
Ethan Furman writes:
> memset(envp_write, 0, ((unsigned int) envp_read -
>(unsigned int) envp_write));
That is a remarkable blunder for a security-critical program.
On a 64-bit platform, the best case outcome is that it will throw away
the top 32 bits of e
On Tue, Apr 15, 2014 at 11:38 AM, Ethan Furman wrote:
> Thanks to everyone for the pointers. ;)
Pun intended, I hope...?
ChrisA
*groan*
--
https://mail.python.org/mailman/listinfo/python-list
Thanks to everyone for the pointers. ;)
--
~Ethan~
--
https://mail.python.org/mailman/listinfo/python-list
On 04/14/2014 06:33 PM, Dave Angel wrote:
(you really should have put a comment, so we'd know this is line
200, 201)
Sorry, not used to asking questions about C code. ;) I'll make sure and do
that next time.
Thanks for the help!
--
~Ethan~
--
https://mail.python.org/mailman/listinfo/py
On Tue, Apr 15, 2014 at 7:13 AM, Ethan Furman wrote:
> When I compiled it I was given a couple warnings. Can any one shed light on
> what they mean?
They mean, most likely, that the author compiled the program on his
own computer and not on any other. If I had to make a guess, I'd say
that it wo
On 2014-04-14, Grant Edwards wrote:
> On 2014-04-14, John Gordon wrote:
>>> char **envp_read;
>>> char **envp_write;
>>
>>> if (envp_write < envp_read)
>>> {
>>> memset(envp_write, 0, ((unsigned int) envp_read -
>>> (unsigned int) envp
On 2014-04-14, John Gordon wrote:
> In Ethan Furman
> writes:
>
>> fprintf(stderr, "Could not allocate %d bytes. errno=%d\n",
>> size, errno);
>
> %d is not the correct specifier for printing objects of type size_t.
I believe %zu is the correct format specifier for s
In Ethan Furman
writes:
> fprintf(stderr, "Could not allocate %d bytes. errno=%d\n",
> size, errno);
%d is not the correct specifier for printing objects of type size_t.
> char **envp_read;
> char **envp_write;
> if (envp_write < envp_read)
> {
For anyone in the unenviable position of needing [1] to run Python scripts with the setuid bit on, there is an
suid-python wrapper [2] that makes this possible.
When I compiled it I was given a couple warnings. Can any one shed light on
what they mean?
14 matches
Mail list logo
