public inbox for java-prs@sourceware.org help / color / mirror / Atom feed
From: "ben at decadentplace dot org dot uk" <gcc-bugzilla@gcc.gnu.org> To: java-prs@gcc.gnu.org Subject: [Bug libgcj/24170] natFilePosix.cc seems to have a security problem Date: Thu, 10 Nov 2005 11:33:00 -0000 [thread overview] Message-ID: <20051110113301.13728.qmail@sourceware.org> (raw) In-Reply-To: <bug-24170-7172@http.gcc.gnu.org/bugzilla/> ------- Comment #7 from ben at decadentplace dot org dot uk 2005-11-10 11:33 ------- I have no interest in constructing buffer overflow exploits, but if someone were to construct shell-code in a filename it should be possible to use it against a privileged user of libgcj that reads user-specified directories, even without different types of filesystem being mounted. If the directory is specified by a path that includes a symbolic link, and the link is removed in between gcj's opendir and pathconf calls, the pathconf call will fail and the resulting buffer will be much too small (at least on Solaris and BeOS). -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24170
next prev parent reply other threads:[~2005-11-10 11:33 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2005-10-02 23:12 [Bug libgcj/24170] New: [SECURITY] readdir_r considered harmful ben at decadentplace dot org dot uk 2005-10-02 23:16 ` [Bug libgcj/24170] " ben at decadentplace dot org dot uk 2005-10-02 23:20 ` pinskia at gcc dot gnu dot org 2005-10-02 23:28 ` [Bug libgcj/24170] natFilePosix.cc seems to have a security problem pinskia at gcc dot gnu dot org 2005-10-02 23:38 ` ben at decadentplace dot org dot uk 2005-10-03 1:01 ` dberlin at dberlin dot org 2005-10-03 14:28 ` tromey at gcc dot gnu dot org 2005-11-10 11:33 ` ben at decadentplace dot org dot uk [this message] 2008-02-20 18:27 ` [Bug libgcj/24170] libjava " jason at gcc dot gnu dot org 2008-02-20 18:38 ` tromey at gcc dot gnu dot org 2008-02-20 19:09 ` tromey at gcc dot gnu dot org 2008-02-20 19:10 ` tromey at gcc dot gnu dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20051110113301.13728.qmail@sourceware.org \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=java-prs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).