format string attack on dbug.c
Created on: Apr 07, 2010 21:33
Resolved on: Apr 09, 2010 13:56
Some of my students from the compiler course found a flaw in the current implementation of the dbug package (formerly known as Fred Fish).

http://en.wikipedia.org/wiki/Format_string_attack

In essence, function arguments are directly used as printf format strings, which is a security hole and at least bad programming practice.
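The pattern described in this report, next to its fix, as an added example that is not code from dbug.c. The helper names (`trace_unsafe`, `trace_safe`, `trace_printf`) and the sample label are hypothetical.

```c
/* Added illustration; hypothetical helper names, not code from dbug.c. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* BEFORE: the caller-supplied string is the format string itself, so any
 * '%' directive inside it is interpreted by the printf family. */
static int trace_unsafe(char *out, size_t n, const char *label)
{
    return snprintf(out, n, label);
}

/* AFTER: constant format; the label is only ever treated as data. */
static int trace_safe(char *out, size_t n, const char *label)
{
    return snprintf(out, n, "%s", label);
}

/* Variadic wrapper: the attribute lets GCC/Clang type-check every call
 * site and, with -Wformat -Wformat-security, flag non-literal formats. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int trace_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Constructed input: "%%" takes no argument, so the unsafe call stays
 * well defined while still showing the label was parsed as a format. */
static const char *const SAMPLE_LABEL = "parse_expr 100%% done";

int main(void)
{
    char a[64], b[64], c[64];
    trace_unsafe(a, sizeof a, SAMPLE_LABEL);   /* label parsed as format */
    trace_safe(b, sizeof b, SAMPLE_LABEL);     /* label copied verbatim  */
    trace_printf(c, sizeof c, "enter %s (depth %d)", "parse_expr", 2);
    printf("unsafe:  %s\nsafe:    %s\nchecked: %s\n", a, b, c);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on the `trace_unsafe` call pattern, which is a cheap way to find remaining instances in a code base.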