Topics

1

Sharp ROMs / Sharp Development Kit Disappeared

« on: August 02, 2005, 11:21:16 am »

Hi,

it seems that the location of the development kit from Sharp for their Roms is no longer available out there? http://www.zaurus.com/dev links to a boring product page under www.sharpusa.com without the kit in 5-klick range (at least the links I tried ;).

Does anyone have the development kit? Is it also usable for the Zaurus C3100? How do you develop things for the original Sharp ROM on Zaurus?


Ciao, Imi.

2

OpenZaurus/Opie/Qtopia / Stack Exploit In Busybox Rmmod?

« on: July 29, 2005, 08:45:12 pm »

Hi,

while I am waiting for my OpenEmbedded to finish compiling, I just looked over some patches in the packages directory:

From packages/busybox/busybox-1.00/rmmod.patch

@@ -109,7 +120,10 @@
                for (n = optind; n < argc; n++) {
 #ifdef CONFIG_FEATURE_2_6_MODULES
                        char module_name[strlen(argv[n]) + 1];
-                       filename2modname(module_name, argv[n]);
+                       if (k_version != 4)
+                               filename2modname(module_name, argv[n]);
+                       else
+                               strcpy(module_name, argv[n]);
 #else
 #define module_name            argv[n]
 #endif


I am not sure whether the char declaration itself is exploitable using very large command line arguments, but with the strcpy it get worse since now you can inject code if the line argument exceeds the stack size. If busybox run suid... (well, this only gets interesting if the root-password isn't just empty ;-)


Ciao, Imi.