Wednesday, October 22, 2008

PAM spam

About PAM, the cool Pluggable Authentication Modules common across
all major Linux distributions.

I was recently involved in a project that used PAM to authenticate users via some
special kind of hardware. A note to developers and reviewers: keep in mind
that pam_syslog() and pam_prompt() expect a printf-style format string as argument.
If you write your own log-wrapping code which itself expects format strings,
you still need to pass the resulting, already-formatted string to these PAM functions
through a constant "%s" format specifier! Keep in mind that an attacker may pass a
string like "%%s%%n" to the first (correct) format resolver, where it is shrunk to "%s%n";
that opens a format string vulnerability in every following incorrect call that uses the
result as its format.
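The wrong and the right way to hand a wrapper's output to a PAM logging function, as an added example (not code from the post). It runs without libpam: pam_syslog_stub() is a hypothetical stand-in that only records the format string pam_syslog() would have received, and active_conversions() counts the '%' conversions that would then be interpreted. The sample inputs ("alice", "%n%n%n", "%%s%%n") are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* What the PAM function would receive as its printf-style format argument. */
static char seen_fmt[512];

/* Hypothetical stand-in for pam_syslog(pamh, prio, fmt, ...): records fmt only. */
static void pam_syslog_stub(const char *fmt, ...) {
    snprintf(seen_fmt, sizeof seen_fmt, "%s", fmt);
}

/* Number of conversions in fmt that consume arguments; "%%" is a literal percent. */
static int active_conversions(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent, not a conversion */
        n++;
    }
    return n;
}

/* Application-side log wrapper: resolves its own format first (this part is fine). */
static void wrap_format(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Wrong: the already-formatted message becomes the PAM function's format string,
 * so the number of interpreted conversions follows the user-supplied text. */
static int log_wrong(const char *user) {
    char msg[256];
    wrap_format(msg, sizeof msg, "login failed for %s", user);
    pam_syslog_stub(msg);                 /* msg is parsed for '%' a second time */
    return active_conversions(seen_fmt);
}

/* Right: a constant "%s" format; the message travels as an argument and is
 * never parsed, so exactly one conversion is interpreted whatever user contains. */
static int log_right(const char *user) {
    char msg[256];
    wrap_format(msg, sizeof msg, "login failed for %s", user);
    pam_syslog_stub("%s", msg);
    return active_conversions(seen_fmt);
}

/* The "%%" collapse from the post: if an earlier stage has already treated the
 * attacker's string as a format, each "%%" shrinks to a single '%' and the
 * result carries live conversions into any later call that formats it again. */
static int resolve_once(const char *attacker, char *out, size_t outsz) {
    wrap_format(out, outsz, attacker);     /* stage 1: "%%s%%n" -> "%s%n" */
    return active_conversions(out);
}

/* Chain both stages: the shrunk string reaches the incorrect wrapper as data. */
static int chain_wrong(const char *attacker) {
    char once[256];
    resolve_once(attacker, once, sizeof once);
    return log_wrong(once);               /* "%s%n" is now interpreted by pam_syslog */
}

int main(void) {
    printf("wrong, \"%%n%%n%%n\": %d conversions\n", log_wrong("%n%n%n"));
    printf("right, \"%%n%%n%%n\": %d conversions\n", log_right("%n%n%n"));
    printf("chained \"%%%%s%%%%n\": %d conversions\n", chain_wrong("%%s%%n"));
    return 0;
}
```

Note that "%%s%%n" fed straight into log_wrong() yields no active conversion, because the wrapper's own "%s" inserts the text literally; it is the extra, earlier resolution that turns "%%" into an active '%'. Plain "%n" needs no such help, which is why the constant "%s" format is required regardless.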

Monday, October 13, 2008

Linus blogs!

It has once more been proved to me that blogs are, most of the time, not really
worth reading. Especially if they do not cover any technical or scientific details
(such as this posting :). Even weirder, a blog about family stuff and dogs
which is about as interesting as an XSS attack inside cat. Really worth announcing it on heise news.
Apparently even more worthwhile for people to reply with hundreds of comments to such postings.