unhide (part #1)

This is in the Linux package unhide, which is rootkit detection software.

// Temporary string for output
char scratch[1000] ;
char cmdcont[1000] ;


               size_t length ;
               char myexe[512] ;

//               printf("%s\n",myexe);

               length = readlink(myexe, cmdcont, 1000) ;

This use of readlink() appears in a few places in the code. The trouble is that PATH_MAX isn't 1000, so a link target longer than 1000 bytes is silently truncated to fit the buffer.

# getconf -a|grep PATH_MAX
PATH_MAX                           4096
_POSIX_PATH_MAX                    4096

This probably leads to a rootkit bypass for unhide.
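
A checked readlink() call, as an added example that is not code from unhide or from this post: readlink_checked() and demo() are hypothetical names, and the symlink is constructed in a temporary directory under /tmp. It treats a return value equal to the buffer size as possible truncation, because readlink() truncates silently and does not NUL-terminate.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not unhide code: read a link target, NUL-terminate it,
 * and fail rather than hand back a truncated path.
 * Returns the target length, or -1 on error or possible truncation. */
ssize_t readlink_checked(const char *link, char *out, size_t outsz)
{
    ssize_t n = readlink(link, out, outsz);
    if (n < 0)
        return -1;              /* readlink() failed, errno is set */
    if ((size_t)n >= outsz)
        return -1;              /* buffer filled: target may be cut short */
    out[n] = '\0';              /* readlink() never adds the terminator */
    return n;
}

/* Constructed input: create a symlink with a target_len-byte target in a temp
 * directory and read it back through a bufsz-byte buffer. -2 = setup failure. */
ssize_t demo(size_t target_len, size_t bufsz)
{
    char dir[] = "/tmp/rlchkXXXXXX", link[64];
    char *target = malloc(target_len + 1), *buf = malloc(bufsz);
    ssize_t n = -2;
    if (target && buf && mkdtemp(dir)) {
        for (size_t i = 0; i < target_len; i++)
            target[i] = (i % 2) ? '/' : 'a';   /* "a/a/a/...", need not exist */
        target[target_len] = '\0';
        snprintf(link, sizeof link, "%s/l", dir);
        if (symlink(target, link) == 0) {
            n = readlink_checked(link, buf, bufsz);
            unlink(link);
        }
        rmdir(dir);
    }
    free(target);
    free(buf);
    return n;
}

int main(void)
{
    printf("1000-byte buffer: %zd\n", demo(2000, 1000));
    printf("PATH_MAX buffer:  %zd\n", demo(2000, PATH_MAX));
    return 0;
}
```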

