Hacker News new | past | comments | ask | show | jobs | submit login

In the late 90s, looking for "printf(string)" [0] in the code was a great way to discover remote code execution 0days ;-)

[0] should be "printf("%s", string)".




Very much so, it took a long time for this to become obvious as a security problem.

My memory wuftpd was the first big program to suffer from this class of attacks.


It reminds me of a talk by infosec researcher "The Grugq" about opsec techniques used by blackhat hackers. Its subtitle was because jail is only for wuftpd, I couldn't stop laughing at it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: