public inbox for java-prs@sourceware.org
help / color / mirror / Atom feed
From: "ben at decadentplace dot org dot uk" <gcc-bugzilla@gcc.gnu.org>
To: java-prs@gcc.gnu.org
Subject: [Bug libgcj/24170] natFilePosix.cc seems to have a security problem
Date: Thu, 10 Nov 2005 11:33:00 -0000 [thread overview]
Message-ID: <20051110113301.13728.qmail@sourceware.org> (raw)
In-Reply-To: <bug-24170-7172@http.gcc.gnu.org/bugzilla/>
------- Comment #7 from ben at decadentplace dot org dot uk 2005-11-10 11:33 -------
I have no interest in constructing buffer overflow exploits, but if someone
were to construct shell-code in a filename it should be possible to use it
against a privileged user of libgcj that reads user-specified directories, even
without different types of filesystem being mounted. If the directory is
specified by a path that includes a symbolic link, and the link is removed in
between gcj's opendir and pathconf calls, the pathconf call will fail and the
resulting buffer will be much too small (at least on Solaris and BeOS).
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24170
next prev parent reply other threads:[~2005-11-10 11:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-02 23:12 [Bug libgcj/24170] New: [SECURITY] readdir_r considered harmful ben at decadentplace dot org dot uk
2005-10-02 23:16 ` [Bug libgcj/24170] " ben at decadentplace dot org dot uk
2005-10-02 23:20 ` pinskia at gcc dot gnu dot org
2005-10-02 23:28 ` [Bug libgcj/24170] natFilePosix.cc seems to have a security problem pinskia at gcc dot gnu dot org
2005-10-02 23:38 ` ben at decadentplace dot org dot uk
2005-10-03 1:01 ` dberlin at dberlin dot org
2005-10-03 14:28 ` tromey at gcc dot gnu dot org
2005-11-10 11:33 ` ben at decadentplace dot org dot uk [this message]
2008-02-20 18:27 ` [Bug libgcj/24170] libjava " jason at gcc dot gnu dot org
2008-02-20 18:38 ` tromey at gcc dot gnu dot org
2008-02-20 19:09 ` tromey at gcc dot gnu dot org
2008-02-20 19:10 ` tromey at gcc dot gnu dot org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051110113301.13728.qmail@sourceware.org \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=java-prs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).