This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug libgcj/24170] natFilePosix.cc seems to have a security problem



------- Comment #7 from ben at decadentplace dot org dot uk  2005-11-10 11:33 -------
I have no interest in constructing buffer overflow exploits, but if someone
were to construct shell-code in a filename it should be possible to use it
against a privileged user of libgcj that reads user-specified directories, even
without different types of filesystem being mounted. If the directory is
specified by a path that includes a symbolic link, and the link is removed in
between gcj's opendir and pathconf calls, the pathconf call will fail and the
resulting buffer will be much too small (at least on Solaris and BeOS).


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24170
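The race the comment describes is a time-of-check/time-of-use problem: the directory is opened by path, then the name-length limit is queried again by the same path, and if that second lookup fails the code ends up with a buffer far too small for the entries it then reads. The C below is an added illustration of the defensive side and is not libgcj's code or a patch for it; the function names (`name_limit_for`, `dirent_buffer_size`, `entry_fits`) are my own, and it assumes a POSIX system with glibc-style `struct dirent` (a fixed-size `d_name`). It queries the limit through the already-open directory handle with `fpathconf(dirfd(...))`, so a path that changes underneath it cannot make the query refer to a different object, and it never lets a failed or "no limit" answer shrink the buffer below a conservative floor.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Floor used when the system cannot (or will not) report a limit.
   Assumption: NAME_MAX, where defined, is a safe per-component bound. */
#ifdef NAME_MAX
#define FALLBACK_NAME_MAX NAME_MAX
#else
#define FALLBACK_NAME_MAX 255
#endif

/* Query the name-length limit through the open handle, not the path.
   Returns -1 both when the query fails and when no limit is defined;
   either way the caller must fall back to a conservative size. */
long name_limit_for(DIR *dir)
{
    errno = 0;
    return fpathconf(dirfd(dir), _PC_NAME_MAX);
}

/* Bytes needed to hold one entry whose name is up to name_max characters
   plus the terminating NUL. A negative name_max (failed query) must map
   to the floor, never to a tiny or zero-length buffer. The result is also
   never smaller than sizeof(struct dirent), so a plain struct always fits. */
size_t dirent_buffer_size(long name_max)
{
    if (name_max < 0)
        name_max = FALLBACK_NAME_MAX;
    size_t needed = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    return needed > sizeof(struct dirent) ? needed : sizeof(struct dirent);
}

/* Bounds check before an entry is copied into a caller-supplied buffer:
   true only if the whole entry, including its NUL, fits in bufsz bytes. */
int entry_fits(const struct dirent *e, size_t bufsz)
{
    size_t need = offsetof(struct dirent, d_name) + strlen(e->d_name) + 1;
    return need <= bufsz;
}

/* List a directory with the buffer sized from the open handle. Returns the
   number of entries listed, or -1 on error. Entries that would not fit are
   counted as skipped rather than overflowing anything. */
long list_directory(const char *path, long *skipped)
{
    DIR *dir = opendir(path);
    if (dir == NULL)
        return -1;

    size_t bufsz = dirent_buffer_size(name_limit_for(dir));
    struct dirent *copy = malloc(bufsz);
    if (copy == NULL) {
        closedir(dir);
        return -1;
    }

    long count = 0;
    *skipped = 0;
    struct dirent *e;
    while ((e = readdir(dir)) != NULL) {
        if (!entry_fits(e, bufsz)) {
            (*skipped)++;
            continue;
        }
        memcpy(copy, e, offsetof(struct dirent, d_name) + strlen(e->d_name) + 1);
        printf("%s\n", copy->d_name);
        count++;
    }
    free(copy);
    closedir(dir);
    return count;
}

int main(int argc, char **argv)
{
    long skipped = 0;
    long n = list_directory(argc > 1 ? argv[1] : ".", &skipped);
    if (n < 0) {
        perror("list_directory");
        return 1;
    }
    printf("%ld entries, %ld skipped as too long for the buffer\n", n, skipped);
    return 0;
}
```

The important property is in `dirent_buffer_size`: the failure value from the limit query is treated as "unknown, assume the maximum", so the buffer can only ever be larger than strictly needed, and `entry_fits` makes the copy refuse rather than overrun if an entry is still longer than expected.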

