Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_1

Bugtraq archives for 1st quarter (Jan-Mar) 1995: firewall HTTPD

firewall HTTPD

*Hobbit* (hobbitbronze.lcs.mit.edu)
Wed, 15 Feb 1995 18:37:14 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul 'Shag' Walmsley: "Re: Fixing the NCSA HTTPD 1.3"
Previous message: Matthew Hannigan: "Re: IFS"

I've looked this over carefully, and can't find any instances of setuid(),
gets(), popen(), strcat(), exec() or the like that look questionable to me.
But you should read all 2.5 Mb of the code yourself just to make sure!

Smileys are for wimps...

_H*

==============================
#include <stdio.h>

main () {
  char buf[80];
  fgets (buf, 77, stdin);
  printf ("\
<h1>	Acme Widgets Corporate Headquarters </h1>\r\n\
\r\n\
     Sorry, no Web server here.  Try \
<a href=ftp://ftp.acmewidgets.com>anonymous FTP.</a>\r\n\
");
  fflush (stdout);
  sleep (1);		/* so the net finishes flushing */
  exit (0);
}

Next message: Paul 'Shag' Walmsley: "Re: Fixing the NCSA HTTPD 1.3"
Previous message: Matthew Hannigan: "Re: IFS"