bin/64150: [PATCH] ls(1) coredumps when started via execve(2)
with no argv.
Marc Olzheim
marcolz at stack.nl
Fri Mar 12 03:15:26 PST 2004
On Fri, Mar 12, 2004 at 01:06:57PM +0200, Ruslan Ermilov wrote:
> And the fact that optind is initially set to 1. I wonder what
> could be the implications for setuid programs. There could be
> quite unpredictable results, as the "argv" pointer is incorrectly
> advanced in this case, and at least several setuid programs that
> I've glanced at are vulnerable to this attack.
See also: http://www.freebsd.org/cgi/query-pr.cgi?pr=33738
Marc
More information about the freebsd-security
mailing list