Displaying 2 results from an estimated 2 matches for "fd2p".
2006 Jul 08
3
strange limitation on rcmd()
...manual page says that rcmd() is only to be used by root's processes.
On other OSes (Solaris, AIX), trying to call rcmd() without being root simply
fails.
FreeBSD, however, tries to be helpful and invokes rcmdsh in this case, which
is inefficient and leaves the stderr's file descriptor (fd2p) unfilled.
Why?
My understanding is, this is to make it harder for would-be attackers to
attack machines with .rhosts-based security. But that is nothing more than a
bad band-aid anyway -- attacker's own implementation of rcmd() (without the
geteuid() checks) is trivial...
So, without pro...
1996 Nov 19
0
Serious BIND resolver problems.
...bytes. The hp->h_length
variable is taken directly from the DNS reply packet. If we now look at how
rcmd() declares its variables, and after looking through rlogin with a
debugger, we can determine that this is a dangerous situation.
    int rcmd(ahost, rport, locuser, remuser, cmd, fd2p)
            char **ahost;
            u_short rport;
            const char *locuser, *remuser, *cmd;
            int *fd2p;
    {
            struct hostent *hp;
            struct sockaddr_in sin, from;
            fd_set reads;
On further testing, and implementation of exploitation code, we can verify
that this is indeed...