1998 May 28
ALERT: Tiresome security hole in "xosview", RedHat5.1?
...this
didn't work regardless.
Anyway. I ran the following highly complicated and time-consuming command
on the xosview sources:
    grep strcpy *.cc
Tricky one eh? Perhaps vaguely sensible when shipping a new SUID binary,
i.e. REDHAT THINK!!!!!!
Results of grep include, in Xrm.cc
    char userrfilename[1024];
    strcpy(userrfilename, getenv("HOME"));
Ohhh that's nice. Hey but wait that can't be dangerous. The author clearly
knew what he/she was doing:
    char className[256];
    strncpy(className, name, 255); // Avoid evil people out there...
Appears later. I found...
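
Added example, not part of the original post or the xosview sources: a bounded replacement for the two copies quoted above. It rejects an over-long or unset HOME instead of writing past the buffer, and it always NUL-terminates, which strncpy does not do when the source fills the whole count. The names copy_bounded and load_home_rfile are hypothetical; only the 1024-byte buffer size comes from the quoted line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RFILE_MAX 1024   /* size of userrfilename in the quoted Xrm.cc line */

/* Copy src into dst (capacity cap bytes) only if it fits with its NUL.
 * Returns 0 on success, -1 if src is NULL or too long.
 * dst is always left holding a valid, terminated string. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    const char *end;
    size_t len;

    if (dst == NULL || cap == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)                 /* getenv() returns NULL when unset */
        return -1;
    end = memchr(src, '\0', cap);    /* look for the terminator within cap */
    if (end == NULL)                 /* none found: src needs more than cap */
        return -1;                   /* reject, do not silently truncate */
    len = (size_t)(end - src);
    memcpy(dst, src, len + 1);       /* len + 1 <= cap, includes the NUL */
    return 0;
}

/* Hypothetical wrapper for the HOME case: the environment is
 * caller-controlled input, which matters most in a SUID binary. */
int load_home_rfile(char *dst, size_t cap)
{
    return copy_bounded(dst, cap, getenv("HOME"));
}

int main(void)
{
    char userrfilename[RFILE_MAX];

    if (load_home_rfile(userrfilename, sizeof userrfilename) != 0) {
        fprintf(stderr, "HOME is unset or too long, ignoring it\n");
        return 1;
    }
    printf("resource path base: %s\n", userrfilename);
    return 0;
}
```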