tags 531883 + security
thanks

Hi,
* Olaf van der Spek <[email protected]> [2009-06-05 00:12]:
> When I start httping and then disconnect the SSH session,
> httping keeps running. This is unexpected behaviour. Why
> doesn't it exit?

It looks like httping is installing a signal handler for
SIGHUP to do a memory dump which doesn't set the start
variable used in the main loop to quit the pinging :/
Folkert, any reason this is needed? Can we just strip this
functionality? I didn't actually notice it so far.

Besides, this has a small (not that important :) security
issue:

static void MEMLOG(char *s, ...)
{
        va_list ap;
        FILE *fh = fopen("log.log", "a+");
        if (!fh)
                error_exit("error logging\n");
        va_start(ap, s);
        vfprintf(fh, s, ap);
        va_end(ap);
        fclose(fh);
}

So in case a victim is executing httping in a directory the attacker
has write privileges to, he can place a symlink log.log pointing to
an arbitrary file of the victim and write httping memory dumps in it
by sending SIGHUP to the httping process.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

