-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> XFree86 3.3.6 (and probably 4.0.0 as well ;) - by running X server (no
> matter it's setuid, or called from setuid Xwrapper - works in both cases,
> seems to me Xwrapper in default RH 6.x distro is rather dumb ;) with
> -xkbmap parameter and over 2100 of 'A's (or shellcode, again, it's rather
> trivial to exploit :), you'll get beautiful overflow with root privledges
> in main (Xserver) process...
I dare disagree:
$ Xwrapper -xkbmap `perl -e 'print "A"x3000'`
Command line argument number 2 is too long
[...]
This is plain RedHat 6.2 and the command line gets refused whenever a
non-root tries to supply an arg longer than 128 chars.
- --
#include <stddisclaimer.h>
PGP Public Key: finger://sakowski.eu.org/pawel
hkp:[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBOPtUPr5fvVhp3VoPEQLuFQCfSPl7lGV756WcBmBz5zSiteU2apcAoKY7
oxtyN6bTfHUyTDk8O7zEHm74
=YsmG
-----END PGP SIGNATURE-----
