Date: Sun, 3 Feb 2002 07:07:49 -0800
From: Marcel Moolenaar
To: Paul Richards
Cc: arch@FreeBSD.org
Subject: Re: install(1) to use a cross strip(1)
Sender: owner-freebsd-arch@FreeBSD.ORG

On Sun, Feb 03, 2002 at 11:38:54PM +0000, Paul Richards wrote:
> > > > --- xinstall.c 19 Dec 2001 06:05:42 -0000 1.47 > > +++ xinstall.c 27 Jan 2002 08:54:51 -0000 > > @@ -702,6 +702,7 @@ > > strip(to_name) > > const char *to_name; > > { > > + char *stripbin; > > int serrno, status; > > > > switch (fork()) {
> > @@ -711,7 +712,10 @@ > > errno = serrno; > > err(EX_TEMPFAIL, "fork"); > > case 0: > > - execlp("strip", "strip", to_name, (char *)NULL); > > + stripbin = getenv("STRIPBIN"); > > + if (stripbin == NULL) > > + stripbin = "strip"; > > + execlp(stripbin, stripbin, to_name, (char *)NULL); > > err(EX_OSERR, "exec(strip)"); > > default: > > if (wait(&status) == -1 || status) {
>
> It strikes me as being too risky from a security perspective.
>
> You'd have to be really sure that there wasn't a trojan generator
> masquerading as STRIPBIN.

I've been thinking about this as well. I couldn't quite figure out
how an environment variable that allows any binary to be used as a
strip(1) alternative would be more insecure than depending on PATH
for finding where strip(1) is. In both cases the system administrator
has to make sure a known environment exists (i.e. known PATH vs known
setting (or absence) of STRIPBIN).

On the other hand, adding an insecure mechanism, even when not more
insecure than an existing one, will add an extra item to the checklist
and thus will increase the likelihood of a hole...

-- 
Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net
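
Review bot: in the first hunk (@@ -702,6 +702,7 @@), the new declaration "char *stripbin;" should be "const char *stripbin;". The second hunk assigns it either the getenv() result or the string literal "strip", neither of which should be written through, and execlp() takes const char * for both arguments it is passed as.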
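
Review bot: in the second hunk (@@ -711,7 +712,10 @@), the getenv("STRIPBIN") result is only tested against NULL, so a STRIPBIN set to the empty string goes straight to execlp() and fails there; treat an empty value like an unset one, e.g. "if (stripbin == NULL || *stripbin == '\0')". The unchanged line err(EX_OSERR, "exec(strip)") now reports "strip" even when a different program was tried, so put the name in the message: err(EX_OSERR, "exec(%s)", stripbin). The new variable also needs an entry in install(1), since nothing in the patch documents it.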