vulnerabilty fixed

Thiago Macieira thiagom at
Thu Oct 31 23:53:43 GMT 2002

Hash: SHA1

Alexander Neundorf wrote:
>there was a vulnerabilty in kdenetwork/lanbrowsing/lisa/ running in
> restricted mode (reslisa), which enabled a local root exploit, I fixed it
> immediatly as it was reported to me.
>Has sun_path on every system the same size ?
>It's 108 bytes on my box, but google told me also something about 64 bytes.
>Any reliable information ?

It has no defined size, as far as I know. On Linux, it's 108-bytes long, but 
it just seems an arbitrary value.

You should check the size of the sun_addr structure and subtract the offset of 
the sun_path member, if you need to know how big it is. Or, another solution 
is not to use sun_addr's by themselves, but only pointers and allocate (with 
malloc) as many bytes as are needed to fit your pathname.

See kdecore/netsupp.cpp for an exemple on how I did it and, so far, hasn't 
been exploited :)

- -- 
  Thiago Macieira - UFOT Registry number: 1001
 thiagom at
   ICQ UIN: 1967141  PGP/GPG: 0x6EF45358
     Registered Linux user #65028
Version: GnuPG v1.2.0 (GNU/Linux)


More information about the kde-core-devel mailing list