From kde-core-devel Thu Oct 31 23:53:43 2002 From: Thiago Macieira Date: Thu, 31 Oct 2002 23:53:43 +0000 To: kde-core-devel Subject: Re: vulnerabilty fixed X-MARC-Message: https://marc.info/?l=kde-core-devel&m=103610846425027 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Neundorf wrote: >there was a vulnerabilty in kdenetwork/lanbrowsing/lisa/ running in > restricted mode (reslisa), which enabled a local root exploit, I fixed it > immediatly as it was reported to me. > >Has sun_path on every system the same size ? >It's 108 bytes on my box, but google told me also something about 64 bytes. >Any reliable information ? It has no defined size, as far as I know. On Linux, it's 108-bytes long, but it just seems an arbitrary value. You should check the size of the sun_addr structure and subtract the offset of the sun_path member, if you need to know how big it is. Or, another solution is not to use sun_addr's by themselves, but only pointers and allocate (with malloc) as many bytes as are needed to fit your pathname. See kdecore/netsupp.cpp for an exemple on how I did it and, so far, hasn't been exploited :) - -- Thiago Macieira - UFOT Registry number: 1001 thiagom@mail.com ICQ UIN: 1967141 PGP/GPG: 0x6EF45358 Registered Linux user #65028 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9wcKHM/XwBW70U1gRApx7AJ4toDpZi9VqmuVofrYZyR4Ieu0hogCgnDs/ VqLosM7C51eMXWZIym0sdMc= =Nwi0 -----END PGP SIGNATURE-----