>/bin/sh exists to run shell commands. That is the purpose of the >shell. NASM, on the other hand, is designed to create object files >from assembly files. If NASM starts running arbitrary code on your >machine, it's doing something unauthorized. That is a security hole. >By typing "nasm file.S" you are not intending to authorize the author >of file.S to take over your account, right? What other purpose does NASM have other than to compile code and then, implicitely, run it? I could buy the argument for a webbrowser or a wordprocessor; but a assembler or compiler? >Also, could you please show me this shell script you speak of? All the >shell scripts I know of that give me root access require me to type the >root password. If you have found a way around this, then you are >correct, "every UNIX system on Earth has a remote hole". :) Any script which exploits a local security hole would do. >Setting buff[1023] to '\0' is a good idea, since vsnprintf won't do >that if vsprintf(buff, fmt, args) generates 1024 bytes. You should have paid better attention in class. Casper
