My first bug in OpenSolaris

Yesterday, while using the getpass* functions and the passwd command in Solaris, I found a bug. Run the passwd command, press Ctrl-Z to stop the process, then bring it back to the foreground with the fg command. Now you can see your password as you type it. Basically, the tty settings are reset when you stop the process and bring it back to the foreground.

When I sent a mail to the Sun Security Coordination Team [secure@security.Eng.Sun.COM], they said it had been found internally recently and was already raised as a bug, http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6443857, in the OpenSolaris bug database. By mistake, it is noted as a security vulnerability in the bug description, so it is not visible outside.
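One way a password prompt can keep echo off across a stop and resume is to re-apply its no-echo setting when SIGCONT arrives. This is an added example, not the Solaris code or its fix; the names pw_begin, pw_end, force_noecho, on_cont and echo_state are hypothetical.

```c
/* Added example with hypothetical names; not the Solaris getpass source. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <termios.h>
#include <unistd.h>

static volatile sig_atomic_t pw_fd = -1; /* terminal in use, -1 when idle */
static struct termios pw_saved;          /* settings to put back afterwards */

/* 1 if the terminal echoes input, 0 if not, -1 if fd is not a terminal. */
int echo_state(int fd) {
    struct termios t;
    return tcgetattr(fd, &t) == -1 ? -1 : (t.c_lflag & ECHO) != 0;
}

/* Clear ECHO; uses only async-signal-safe calls, so a handler may call it. */
static int force_noecho(int fd) {
    struct termios t;
    if (tcgetattr(fd, &t) == -1) return -1;
    t.c_lflag &= ~(tcflag_t)ECHO;
    return tcsetattr(fd, TCSANOW, &t);
}

/* SIGCONT: the tty settings may have been reset while we were stopped. */
static void on_cont(int sig) {
    int saved_errno = errno;
    (void)sig;
    if (pw_fd != -1) force_noecho(pw_fd);
    errno = saved_errno;
}

/* Open the terminal, save its settings, hook SIGCONT, turn echo off. */
int pw_begin(const char *tty_path) {
    struct sigaction sa = { .sa_handler = on_cont, .sa_flags = SA_RESTART };
    int fd = open(tty_path, O_RDWR | O_NOCTTY);
    if (fd == -1) return -1;
    sigemptyset(&sa.sa_mask);
    if (tcgetattr(fd, &pw_saved) == -1 || sigaction(SIGCONT, &sa, NULL) == -1 ||
        force_noecho(fd) == -1) { close(fd); return -1; }
    return pw_fd = fd;
}

/* Unhook SIGCONT and restore the saved settings; the caller closes the fd. */
int pw_end(void) {
    int fd = pw_fd;
    if (fd == -1) return -1;
    pw_fd = -1;
    signal(SIGCONT, SIG_DFL);
    return tcsetattr(fd, TCSANOW, &pw_saved);
}
```

A caller would use pw_begin("/dev/tty"), read the password from the returned descriptor, then call pw_end() and close it.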


New tricks that I have learned in using debuggers

In gdb/dbx, we can inspect a variable through its address. Suppose a structure [struct Box * b] is not deallocated, but we set the pointer to NULL, i.e. b = NULL. We can no longer access that structure through b. But if we know the address that b pointed to [we can get it using print b], we can access it as *(struct Box *) (0x4f2b2448) [assuming 0x4f2b2448 is the address that b points to]. Obviously this is a very simple thing, but I have used it for the first time.

Similarly, when setting a watchpoint over a variable, like watch b->length, the watchpoint is deleted if control goes to some other place where the variable b is not in scope. [At least this happens in old gdb versions; I’m using SuSE 8.] In those cases you can put the watchpoint on the address instead, so that it is accessible from anywhere. watch ((struct Box *)(0x4f2b2448))->length works fine.