Best of show – abuse of libc

[kderbyma]

awesome. I didn't know about that printf hack....time for some fun experiments

[saagarjha]

Be careful, though, you don't want anyone to hack you through printf ;)

[segfaultbuserr]

In the late 90s, looking for "printf(string)" [0] in the code was a great way to discover remote code execution 0days ;-)

[0] should be "printf("%s", string)".

[stevekemp]

Very much so, it took a long time for this to become obvious as a security problem.

My memory wuftpd was the first big program to suffer from this class of attacks.

[segfaultbuserr]

It reminds me of a talk by infosec researcher "The Grugq" about opsec techniques used by blackhat hackers. Its subtitle was because jail is only for wuftpd, I couldn't stop laughing at it.