llama_meme |
07-09-2002 08:26 AM |
Lots of C functions are potentially insecure. As a rule of thumb, if they do string processing or take a variable number of arguments (like printf and scanf), you have to be careful in their use. As an example, using printf like this to display a string entered by the user is insecure:
printf(users_string);
because a malicious user can put formatting directions in the string they enter (e.g. %s) and make printf expect further arguments after users_string, which will cause it to crash. In some cases, clever hackers are able to exploit this to run a small piece of assembly code, which, if the C program is suid, can compromise the root account (for example, by opening a root shell).
Alex
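The fix for the printf call described in the post above, as an added example that is not part of the original post: the user's text is passed as data to a constant "%s" format, and a small audit helper counts the directives that a bare printf(users_string) would have tried to interpret. The function names and the sample input are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in s. "%%" is a literal percent sign,
   not a directive. A nonzero count for user-supplied text means printf(s)
   would fetch arguments that were never passed. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;                    /* start of a directive (or a dangling '%') */
    }
    return n;
}

/* Hardened form: the format string is a constant and the user's text is
   only ever an argument. Returns the number of characters written, or -1
   if the text did not fit in out (or snprintf failed). */
static int render_user_string(char *out, size_t outsz, const char *user)
{
    int n = snprintf(out, outsz, "%s", user);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

int main(void)
{
    const char *users_string = "100%% sure %s%s%n"; /* constructed sample input */
    char buf[64];

    /* Insecure form from the post, left commented out:
       printf(users_string); */
    if (render_user_string(buf, sizeof buf, users_string) >= 0)
        puts(buf);  /* the text comes out byte for byte, directives included */
    printf("directives in input: %d\n", count_directives(users_string));
    return 0;
}
```

Compiling with gcc or clang and -Wformat -Wformat-security flags calls of the printf(users_string) shape at build time.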