> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Macdonald
> Sent: Tuesday, May 17, 2011 1:48 PM
> To: MH Michael Hammer (5304)
> Cc: [email protected]
> Subject: Re: [dkim-ops] FW: how can use the DKIM the function
>
> Ok, I'll bite.
>
> How can:
>
> log_write(0, LOG_MAIN, (char *)logmsg)
>
> be used to arbitrarily inject code? I understand the concept, but
> having % in the logmsg with no parameters to feed it seems harmless to
> me.

There was some other macro expansion mechanism in there that was unchecked. It wasn't a typical printf-style expansion but it did cause file accesses and the like, meaning user-provided data could cause unauthorized file system operations. Scary.
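
The pattern discussed in this thread, shown beside its hardened form as an added example (not code from the thread or from the software it discusses). `demo_log_write`, `count_directives` and `log_untrusted` are hypothetical names, and printf-style directives stand in, as an assumption, for whatever expansion the real logger performs on its template argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a log_write()-style API: the third argument is a
 * template the logger interprets, not plain text. The format attribute
 * (GCC/Clang) lets -Wformat-security flag non-literal templates. */
__attribute__((format(printf, 3, 4)))
static int demo_log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Count directives a printf-style logger would act on ("%%" is a literal). */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent, skip both characters */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

/* Hardened call: constant template, untrusted text passed only as data.
 * The pattern from the thread would be demo_log_write(out, n, msg), which
 * hands the sender-controlled string to the logger as the template. */
static int log_untrusted(char *out, size_t n, const char *msg)
{
    return demo_log_write(out, n, "%s", msg);
}

int main(void)
{
    const char *msg = "DKIM: d=example.test %s%x"; /* constructed sample */
    char line[128];
    log_untrusted(line, sizeof line, msg);
    printf("%d directive(s); logged verbatim: %s\n", count_directives(msg), line);
    return 0;
}
```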
