From: Reg Quinton (reggersist.uwaterloo.ca)
Date: Mon Dec 17 2001 - 11:50:54 CST
> 2) Reg Quinton has written a wrapper to login which he believes will
> block an exploit:
Several folks have explained the vulnerability to me and why my trick
doesn't work. This is the most concise:
> from Fletcher Mattox [fletchercs.utexas.edu]:
> cs.utexas.edu$ rsh cs -l zortl
> login: zortl xxx=yyy   <- this is typed by the user on stdin to login
>                           after the program has been exec'd and command
>                           line args have been processed. the same code
>                           processes this line (in getargs()) which is
>                           used to parse the command line and in which
>                           the buffer overflow occurs.
A wrapper like I proposed won't help at all there.
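
The point of the exchange above, as an added example that is not part of the original post and is not code from login or from the wrapper: an argv check runs before exec, while the reply typed at the `login:` prompt reaches the shared parser afterwards, so the bound has to live in the parser. The names `parse_line`, `wrapper_allows`, `parse_stdin_reply` and the limits `MAX_ARGS` and `MAX_LINE` are assumptions for illustration; the post does not describe the overflow itself, so a token-count and line-length bound stands in for the fix.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8    /* assumed bound, not taken from any real login */
#define MAX_LINE 256  /* assumed bound */

/* Stand-in for the shared parser: splits line on whitespace into out[].
 * Returns the token count, or -1 when the line or the token count exceeds
 * its bound, so nothing is ever written past buf[] or out[]. */
int parse_line(const char *line, char *buf, size_t buflen, char *out[], int max)
{
    int n = 0;
    if (strlen(line) >= buflen)
        return -1;
    strcpy(buf, line);
    for (char *tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        if (n == max)
            return -1;
        out[n++] = tok;
    }
    return n;
}

/* All an exec wrapper can check: the argv it is about to pass on
 * (hypothetical policy: at most max_argc arguments). */
int wrapper_allows(int argc, int max_argc)
{
    return argc <= max_argc;
}

/* The reply typed at the "login:" prompt reaches the parser after exec,
 * so only the parser's own bound applies. Returns the parser's result. */
int parse_stdin_reply(const char *reply)
{
    char buf[MAX_LINE];
    char *args[MAX_ARGS];
    return parse_line(reply, buf, sizeof buf, args, MAX_ARGS);
}

int main(void)
{
    /* first reply is the line from the post; second is constructed (9 tokens) */
    printf("wrapper, argc=1: %d\n", wrapper_allows(1, 4));
    printf("reply 1: %d\n", parse_stdin_reply("zortl xxx=yyy"));
    printf("reply 2: %d\n", parse_stdin_reply("zortl a=1 b=2 c=3 d=4 e=5 f=6 g=7 h=8"));
    return 0;
}
```

The wrapper's decision is made on a one-argument command line in both cases; only the check inside `parse_line` sees the second reply.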