🦊

rain.forest.puppy

When does "root" != "root", but at the same time, "root" == "root" (Confused
yet)?  When you co-mingle programming languages. — RFP, Phrack 55

This page is a small tribute to rain.forest.puppy. RFP is a prolific hacker who discovered many types of attacks (such as SQL injection) and was critical to establishing modern vulnerability disclosure.

RFPolicy v2.0

See Full Disclosure Policy (RFPolicy) v2.0

   \\\ Executive overview for vendors and software maintainers \\\
   
   This policy states the 'guidelines' that an individual intends to
   follow. You basically have 5 days (read below for the definitions and
   semantics of what is considered a 'day') to return contact to the
   individual, and must keep in contact with them *at least* every 5
   days. Failure to do so will discourage them from working with you and
   encourage them to publicly disclose the security problem.
   
   This policy is not set in stone--in fact, it is encouraged that all
   parties regularly communicate with each other during the process, adjusting
   as situations arise.

The RFPolicy states a method of contacting vendors about security vulnerabilities found in their products. It was originally written by hacker and security consultant Rain Forest Puppy.

The policy gives the vendor five working days to respond to the reporter of the bug. If the vendor fails to contact the reporter in those five days, the issue is recommended to be disclosed to the general community. The reporter should help the vendor reproduce the bug and work out a fix. The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for requiring so.

If the vendor fails to respond or shuts down communication with the reporter of the problem for more than five working days, the reporter should disclose the issue to the general community. When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug.

https://en.wikipedia.org/wiki/RFPolicy

rfp.labs

Many text files from this section come from RFP’s original site. Some do not. Most were pulled from Archive.org.

You can find other articles and talks online under RFP’s given name.

..writing..

..advisories..

..interviews..

eof

----------------[ Drats...That's the End

Sure is.  By this time I was a little tired of wading through Perl code.  I'll
leave it as an exercise for all of you to go find more.  And if you do,
drop me a line--especially if you find some scripts that you can make use
of the 'pesky pipe problem'.  Anyways, that's all I wrote for this one, so
till next time people.

The “pesky pipe” attack from RFP’s Phrack 55 article (1999) resurfaced twenty-five years later in Qualys’ “LPE in needrestart” disclosure (2024):

We therefore grepped the ScanDeps module for one of the oldest pitfalls
of the Perl programming language: the two-argument form of open(), which
allows attackers to execute arbitrary shell commands if they control the
name of the file to be open()ed (for example, "commands|"). For more
information, please refer to rain.forest.puppy's 1999 Phrack article
("That pesky pipe" section) and the SEI CERT Perl Coding Standard:

  https://phrack.org/issues/55/7.html#article
  https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88890543

Incredibly, we found a match, at line 871 in ScanDeps.pm:

------------------------------------------------------------------------
 868 sub scan_file{
 869     my $file = shift;
 870     my %found;
 871     open my $fh, $file or die "Cannot open $file: $!";
------------------------------------------------------------------------
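
The two forms of open() side by side, as an added example that is not code from the advisory, ScanDeps or RFP's article. The sub names and the harmless `echo` string are constructed for illustration; the input follows the "commands|" shape the advisory names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed, harmless input in the "commands|" shape the advisory names.
my $name = 'echo two-arg-open-ran-a-command|';

# Read the first line from an open handle ('' if there is none).
sub first_line {
    my ($fh) = @_;
    my $line = <$fh>;
    return '' unless defined $line;
    chomp $line;
    return $line;
}

# Unsafe: same shape as line 871 above. The mode is parsed out of the
# string, so a trailing '|' makes Perl run the text as a command and
# hand back a pipe to its output.
sub read_two_arg {
    my ($file) = @_;
    open my $fh, $file or return "open failed: $!";
    my $line = first_line($fh);
    close $fh;
    return $line;
}

# Hardened: the mode is a separate, fixed argument, so $file is only
# ever a path. No file with this literal name exists, so open() fails.
sub read_three_arg {
    my ($file) = @_;
    open(my $fh, '<', $file) or return "open failed: $!";
    my $line = first_line($fh);
    close $fh;
    return $line;
}

print "two-arg  : ", read_two_arg($name), "\n";
print "three-arg: ", read_three_arg($name), "\n";
```

When auditing a Perl code base for this pattern, any `open` call with exactly two arguments whose second argument is a variable deserves a look.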

Greetz to legends.