Date: Tue, 05 Aug 1997 16:14:28 +1000 From: James Seng <jseng@pobox.org.sg> To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch), marcs@znep.com (Marc Slemko) Cc: freebsd@atipa.com (Atipa), jonz@netrail.net (Jonathan A. Zdziarski), ports@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: SetUID Message-ID: <3.0.32.19970805161419.00a65b08@student.anu.edu.au>
next in thread | raw e-mail | index | archive | help
At 23:50 4/08/97 +0200, J Wunsch wrote: >As Marc Slemko wrote: > >> You are being very naive. You can do an awful lot with environment >> variables. What would happen if you set ENV before running your wrapper? >> /bin/sh would see it and execute whatever is in the file it points to. > >No longer. $ENV should only be evaluated for interactive shells. >Recent versions of FreeBSD's /bin/sh handle it this way (but probably >not the version of the guy who's been asking here). > >> What if you set one of a couple of LD_* environment variables? The loader >> would see them and use whatever they point to. > >But that's a right point, indeed. The loader will ignore these >variables for the wrapper, but not for the called executables. In other words, the shell script #!/bin/sh would not be suspetible to ENV parsing problem but the wrapper will. The easilest (and oldest) exploited would probably be using IFS on the posted wrapper program *8) Look at wrapper which comes with sendmail if you really want something which is more secure. -James Seng
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19970805161419.00a65b08>