Date: Thu, 6 Apr 2006 19:26:28 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Sply Splyeff <lists@sply.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: setuid scripts wrapper (RFC, proposal)
Message-ID: <20060406092628.GC700@turion.vk2pj.dyndns.org>
In-Reply-To: <web-5266040@inc.ru>
References: <web-5266040@inc.ru>
On Thu, 2006-Apr-06 00:29:27 +0400, Sply Splyeff wrote:
>There are some security problems with kernel-level script
>setuid execution which discourage from using it.

The biggest problem is a race condition between the kernel setting up the set[gu]id() environment and opening the script to find the interpreter and the interpreter opening the script to execute it. This can only be fixed within the kernel (by passing the script to the interpreter as a pre-opened FD).

>Is it strong enough? Maybe there is any slippery ground
>left?

The biggest problem is its failure to check the sanity of the input parameters - that a particular argument actually exists before referencing it.

Other issues I noticed:
- strncpy() is virtually always the wrong function. You already do validation so you could just use strcpy()
- strncpy(penvd + penvsz, "=", 1); could be penvd[penvsz] = '=';
- No error if number of environment variables too great.

-- 
Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060406092628.GC700>