Date: Thu, 7 Sep 2000 17:23:43 -0500
From: Brad Guillory <round@baileylink.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <20000907172343.F30681@baileylink.net>
In-Reply-To: <Pine.BSF.4.21.0009071516460.16976-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Thu, Sep 07, 2000 at 03:20:08PM -0700
References: <200009072215.e87MFtQ24652@xerxes.courtesan.com> <Pine.BSF.4.21.0009071516460.16976-100000@freefall.freebsd.org>
The _best_ method would be to convince the OS to run its own checks on
the environment etc. just as it would have if it were suid.
I cannot think of a way to do this.
On Thu, Sep 07, 2000 at 03:20:08PM -0700, Kris Kennaway wrote:
> On Thu, 7 Sep 2000, Todd C. Miller wrote:
>
> > Sudo already discards the following:
>
> This is taking the wrong approach. You can't hope to guess all of the
> "magic" environment variables which have special meaning on all platforms
> on which sudo may run and implement parallel restrictions in sudo.
>
> For (a somewhat contrived) example, under Foonix, libc might read a
> variable BREAK_TO_EDITOR_ON_EXEC which is ignored when setugid, but which
> works otherwise (for "debugging purposes" or whatever). If sudo doesn't
> filter this out, then users who can run 'sudo root safecommand' can also
> edit any file on the system.
>
> IMO, sudo (and all other similar "limited privilege" programs) needs to
> take a positive filtering approach: disallow all variables by default,
> except for those on a defined list of allowed variables for that
> application.
>
> Kris
>
> --
> In God we Trust -- all others must submit an X.509 certificate.
> -- Charles Forsythe <forsythe@alum.mit.edu>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
__O | Information wants to be free! | __O Bike
_-\<,_ | FreeBSD:The Power to Serve (easily) | _-\<,_ to
(_)/ (_) | OpenBSD:The Power to Serve (securely) | (_)/ (_) Work
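
The "positive filtering" approach Kris describes in the quoted message, as an added example that is not part of the original thread and is not sudo's code: the environment handed to the privileged command is built from an allowlist, so an unknown variable such as the hypothetical BREAK_TO_EDITOR_ON_EXEC is dropped without the tool having to know about it. The allowlist contents, the fixed PATH value and all function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed allowlist for illustration; each application defines its own. */
static const char *const ALLOWED[] = { "TERM", "LANG", "TZ", NULL };
/* PATH is set by the wrapper itself and never inherited (assumed value). */
static char SAFE_PATH[] = "PATH=/usr/bin:/bin";

/* Length of NAME in "NAME=value", or 0 if the entry is malformed. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : 0;
}

/* Exact name match only: "TERMINFO" must not pass because "TERM" is allowed. */
static int is_allowed(const char *entry, size_t n)
{
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && memcmp(ALLOWED[i], entry, n) == 0)
            return 1;
    return 0;
}

/* Was a variable with this name already copied? Only the first one is kept. */
static int already_present(char **out, size_t k, const char *entry, size_t n)
{
    for (size_t i = 0; i < k; i++)
        if (name_len(out[i]) == n && memcmp(out[i], entry, n) == 0)
            return 1;
    return 0;
}

/* Returns a new NULL-terminated array suitable for execve(); the caller
 * frees the array itself, not the strings it points to. */
char **build_clean_env(char *const envp[])
{
    size_t count = 0, k = 0;
    while (envp[count] != NULL)
        count++;
    char **out = calloc(count + 2, sizeof *out);
    if (out == NULL)
        return NULL;
    out[k++] = SAFE_PATH;
    for (size_t i = 0; i < count; i++) {
        size_t n = name_len(envp[i]);
        if (n > 0 && is_allowed(envp[i], n) && !already_present(out, k, envp[i], n))
            out[k++] = envp[i];
    }
    out[k] = NULL;
    return out;
}
```

Duplicate names are collapsed to the first occurrence because programs disagree on whether the first or last copy of a repeated variable wins.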
