Date: Tue, 17 Nov 1998 14:00:34 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Mikael Karpberg <karpen@ocean.campus.luth.se>
Cc: wam@sa.fedex.com (William McVey), hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Message-ID: <199811172200.OAA28976@apollo.backplane.com>
References: <199811172058.VAA02065@ocean.campus.luth.se>

:Umm... I have seen no one in this discussion mention this, so I'll say it,
:after repeating what someone DID say "Small well audited setuid programs
:are not a problem". Now... Here's my suggestion, my_xlock.c:
:
:int main() {
:  char *str;
:  FILE *f;
:  int done = 0;
:  lock_screen();
:  while (!done) {
:    str = wait_for_passwd();
:    f = popen("/usr/bin/check_pw", "w");
:    fprintf(f, "%d %s\n", getuid(), str);
:    fflush(f);
:    if (!pclose(f)) {
:      unlock_screen();
:      done = 1;
:    } else {
:      print_errror("Wrong password");
:    }
:  }
:  return 0;
:}
:
:Seems simple enough to me, and could be used from scripts and everything.

    You didn't clear the environment
    you didn't reset the path
    you didn't reset the resource limits
    you didn't disable signals
    you are using popen (even with an absolute path),

:...
:    *str = '\0';
:    pw = getpwnam(buffer);
:  }
:  str++;
:  setting = get_setting_and_move_str(&str);
:  if (strcmp(pw->pw_passwd, crypt(str, setting)) == 0)
:    return 0;
:  return 1;
:}

    And you haven't cleared the memory space associated with either the
    crypted or unencrypted password info you just retrieved.

:I'm sure there are minor or even major mistakes in the programs above, but
:I think everyone should get the idea, if the problems are just syntax errors,
:and such. The check_pw program should be small enough to be quite possible to
:do as close to 100% bug free as one can hope to get.

    Now, I know I'm being unfair. I'm just trying to point out that there
    are a LOT of things an suid program must do to be reasonably secure,
    especially if it is going to go off and execute another program.

                                        -Matt

:  /Mikael
:
:To Unsubscribe: send mail to majordomo@FreeBSD.org
:with "unsubscribe freebsd-hackers" in the body of the message
:

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)