by srl 4878 days ago
This solution is worse than the shell hack, by a lot. From the source:

    char filename[MAXNAMELEN];
and then a few lines down...

    filename_size = 0;
    memcpy(&filename_size, buf, sizeof(int));
    memcpy(filename, &buf[sizeof(int)], filename_size);
Oops! Looks like both the client and the server have to be trusted, otherwise we've got at least one probably-exploitable vulnerability. And there's no mechanism for authentication, so it's really only safe to use on a locally-secured network. (That took about 40 seconds to find, by the way - I would not be particularly surprised if there were more subtly lurking issues.)

I sympathize with the sentiment of "people should go out and try to create things themselves, even at the risk of failing" (or "especially" at the risk of failing), but from any objective standpoint, bcp isn't a good program. 400 lines of C to badly accomplish what 2 lines of shell can do? Someone else commented about it being very much in the unix spirit - no, I don't really think so. netcat + openssl would be in the unix spirit.

Not meant to be a criticism of the author - it's a cool project, if you don't care about certain "real-world" concerns (which isn't as unreasonable as it sounds).

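The defect srl points at is a peer-supplied length copied into a fixed stack array with no check. The following is an added example, not bcp's own code, showing what a bounds-checked version of that parse looks like; MAXNAMELEN's value, the 4-byte host-order length prefix, and the error codes are assumptions.

```c
/* Added example, not bcp's own code: a bounds-checked version of the
 * length-prefixed filename parse quoted above. MAXNAMELEN, the 4-byte
 * host-order length prefix and the error codes are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAXNAMELEN 256

enum parse_status { PARSE_OK = 0, PARSE_SHORT = -1,
                    PARSE_TOO_LONG = -2, PARSE_TRUNCATED = -3 };

/* Parse [uint32 filename_size][filename bytes] from a received buffer.
 * Every length is checked against the destination array and against
 * the bytes actually received before anything is copied. */
int parse_filename(const unsigned char *buf, size_t buf_len,
                   char filename[MAXNAMELEN], size_t *out_len)
{
    uint32_t filename_size;

    if (buf_len < sizeof filename_size)          /* prefix missing */
        return PARSE_SHORT;
    memcpy(&filename_size, buf, sizeof filename_size);

    /* The quoted code has no such check: a peer-chosen size above
     * MAXNAMELEN would write past the stack array. Keep room for NUL. */
    if (filename_size >= MAXNAMELEN)
        return PARSE_TOO_LONG;
    /* The size must also fit the bytes received, or memcpy over-reads. */
    if (filename_size > buf_len - sizeof filename_size)
        return PARSE_TRUNCATED;

    memcpy(filename, buf + sizeof filename_size, filename_size);
    filename[filename_size] = '\0';
    if (out_len) *out_len = filename_size;
    return PARSE_OK;
}

/* Build a constructed message with an arbitrary claimed size and run
 * it through the parser; returns the parse status. */
int check_message(uint32_t claimed, const char *name, size_t name_len)
{
    unsigned char msg[sizeof(uint32_t) + MAXNAMELEN];
    char filename[MAXNAMELEN];
    if (name_len > MAXNAMELEN) return PARSE_TOO_LONG;
    memcpy(msg, &claimed, sizeof claimed);
    memcpy(msg + sizeof claimed, name, name_len);
    return parse_filename(msg, sizeof claimed + name_len, filename, NULL);
}
```

An honest message parses, while a size larger than MAXNAMELEN or larger than the bytes actually received is rejected before any copy happens.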

The comments here remind me of the negative feedback Heather Arthur got when she dared to open-source some code: http://harthur.wordpress.com/2013/01/24/771/. The code is on Github. If you find a bug then why not fix it and send a pull-request instead of the negative public criticism?
There's a difference between tossing some code on github and having random passersby poke fun at it, and submitting it yourself to HN.
It's a matter of opinion. For me, projects (including this one) are news I prefer on HN.
How do you do a pull request for "Use the pre-existing shell commands instead"?
Yeah, this is also on my list of todos.

I should have noted somewhere, this isn't ready for production by any means, just a first iteration of an idea I had. It is currently intended to be used on a trusted network.

Thanks for pointing this out though.