Date: Thu, 7 Sep 2000 17:23:43 -0500
From: Brad Guillory <round@baileylink.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <20000907172343.F30681@baileylink.net>
In-Reply-To: <Pine.BSF.4.21.0009071516460.16976-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Thu, Sep 07, 2000 at 03:20:08PM -0700
References: <200009072215.e87MFtQ24652@xerxes.courtesan.com> <Pine.BSF.4.21.0009071516460.16976-100000@freefall.freebsd.org>

The _best_ method would be to convince the OS to run its own checks on
the environment etc. just as it would have if it were suid. I cannot
think of a way to do this.

On Thu, Sep 07, 2000 at 03:20:08PM -0700, Kris Kennaway wrote:
> On Thu, 7 Sep 2000, Todd C. Miller wrote:
>
> > Sudo already discards the following:
>
> This is taking the wrong approach. You can't hope to guess all of the
> "magic" environment variables which have special meaning on all platforms
> on which sudo may run and implement parallel restrictions in sudo.
>
> For (a somewhat contrived) example, under Foonix, libc might read a
> variable BREAK_TO_EDITOR_ON_EXEC which is ignored when setugid, but which
> works otherwise (for "debugging purposes" or whatever). If sudo doesn't
> filter this out, then users who can run 'sudo root safecommand' can also
> edit any file on the system.
>
> IMO, sudo (and all other similar "limited privilege" programs) needs to
> take a positive filtering approach: disallow all variables by default,
> except for those on a defined list of allowed variables for that
> application.
>
> Kris
>
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>

--
    __O  | Information wants to be free!         |     __O   Bike
  _-\<,_ | FreeBSD:The Power to Serve (easily)   |   _-\<,_   to
 (_)/ (_)| OpenBSD:The Power to Serve (securely) |  (_)/ (_) Work

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000907172343.F30681>
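
The "positive filtering" approach from Kris Kennaway's message, next to the discard-list approach it argues against, as an added example that is not part of the original thread and is not sudo's code. The DENY and ALLOW lists and the SAMPLE environment are constructed for illustration; BREAK_TO_EDITOR_ON_EXEC is the hypothetical Foonix variable from the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical lists for illustration; not sudo's actual tables. */
static const char *const DENY[]  = { "LD_PRELOAD", "LD_LIBRARY_PATH", "IFS", NULL };
static const char *const ALLOW[] = { "TERM", "LANG", "TZ", NULL };
/* Constructed sample of a caller-controlled environment. */
static char *SAMPLE[] = { "TERM=xterm", "LD_PRELOAD=/tmp/constructed.so",
                          "BREAK_TO_EDITOR_ON_EXEC=1", "HOME=/home/user", NULL };

/* 1 if entry "NAME=value" has a NAME exactly equal to one in list, else 0.
 * Entries with no '=' or an empty name never match. */
static int name_in(const char *entry, const char *const *list) {
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry) return 0;
    size_t n = (size_t)(eq - entry);
    for (; *list; list++)
        if (strlen(*list) == n && strncmp(entry, *list, n) == 0) return 1;
    return 0;
}

/* Return a new NULL-terminated array pointing into envp's strings.
 * allow_mode=1: keep only names on list (everything else is dropped).
 * allow_mode=0: drop only names on list (everything else is kept). */
char **filter_env(char *const envp[], const char *const *list, int allow_mode) {
    size_t n = 0, k = 0;
    while (envp[n]) n++;
    char **out = calloc(n + 1, sizeof *out);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++)
        if (name_in(envp[i], list) == allow_mode) out[k++] = envp[i];
    return out;
}

/* 1 if a variable called name is present in env. */
int env_has(char **env, const char *name) {
    const char *const one[] = { name, NULL };
    for (; *env; env++) if (name_in(*env, one)) return 1;
    return 0;
}

int main(void) {
    char **d = filter_env(SAMPLE, DENY, 0), **a = filter_env(SAMPLE, ALLOW, 1);
    if (!d || !a) return 1;
    printf("deny list keeps it:  %d\n", env_has(d, "BREAK_TO_EDITOR_ON_EXEC"));
    printf("allow list keeps it: %d\n", env_has(a, "BREAK_TO_EDITOR_ON_EXEC"));
    free(d); free(a);
    return 0;
}
```

The filtered array would be passed as the envp argument to execve(); a variable the privileged program has never heard of survives the deny list and is dropped by the allow list.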