Date:      Fri, 7 Apr 2006 05:00:04 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Sply Splyeff <lists@sply.org>
Cc:        freebsd-hackers@freebsd.org, cv@io.ru
Subject:   Re: setuid scripts wrapper (RFC, proposal)
Message-ID:  <20060406190004.GD700@turion.vk2pj.dyndns.org>
In-Reply-To: <web-5272059@inc.ru>
References:  <redirect-1461310@inc.ru> <web-5272059@inc.ru>

On Thu, 2006-Apr-06 14:49:25 +0400, Sply Splyeff wrote:
>> The biggest problem is its failure to check the sanity of the input
>> parameters - that a particular argument actually exists before
>> referencing it.
>
>Do you mean that evil Bob can substitute Alice's script between stat() and execve() calls?
>Yes, I've missed this point.

Actually Bob can replace the script anytime between the initial statfs() call
in your script and the interpreter opening the script sometime after the
execve() call.  You should be able to get around this by opening the script
first, using fstatfs() and fstat() and passing the script as /dev/fd/N to
the interpreter.

What I was actually referring to was your use of argv[1], argv[2], argv[3]
and argv[4] without checking argc or otherwise validating them.

-- 
Peter Jeremy
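As an added illustration of the fix Peter describes (example code written for this page, not the wrapper under discussion and not anything posted in the thread): open the script once, make every check on the descriptor rather than on the path, check argc before touching argv, and hand the interpreter /dev/fd/N. The fixed interpreter SCRIPT_INTERP, the calling convention "wrapper <script> [args...]" and the policy enforced (regular file, setuid bit set, not group/world writable, not on a nosuid mount) are assumptions made for the example, and fstatvfs()/ST_NOSUID is used as the portable equivalent of the fstatfs() check mentioned in the mail.

```c
/* Added example, not code from the thread: a skeleton setuid-script wrapper
 * built the way the mail suggests. The script is open()ed once, every check
 * runs on that descriptor (fstat/fstatvfs, never stat/statfs on the path),
 * and the interpreter is handed /dev/fd/N, so swapping the path after the
 * open() changes nothing. Assumptions: fixed interpreter SCRIPT_INTERP, usage
 * "wrapper <script> [args...]", fstatvfs()/ST_NOSUID in place of fstatfs(). */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#define SCRIPT_INTERP "/bin/sh"         /* hypothetical: one fixed interpreter */
/* Policy on the mode bits and mount flags obtained from the open fd.
 * Kept free of I/O so it can be exercised with constructed values. */
int check_script_mode(mode_t mode, unsigned long vfs_flags)
{
    if (!S_ISREG(mode))                 /* no devices, FIFOs, directories */
        return -1;
    if ((mode & S_ISUID) == 0)          /* the script must opt in         */
        return -1;
    if (mode & (S_IWGRP | S_IWOTH))     /* a writable script is untrusted */
        return -1;
    if (vfs_flags & ST_NOSUID)          /* honour a nosuid mount          */
        return -1;
    return 0;
}

/* Opens the script and validates the descriptor; the path is never looked
 * at again. Returns the fd or -1. O_NOFOLLOW rejects a symlink as the last
 * component; O_CLOEXEC is absent because the fd must survive the execv(). */
int open_script(const char *path, uid_t *owner)
{
    struct stat st;
    struct statvfs vfs;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0 ||
        check_script_mode(st.st_mode, vfs.f_flag) != 0) {
        close(fd);
        return -1;
    }
    if (owner != NULL)
        *owner = st.st_uid;
    return fd;
}

/* Builds "SCRIPT_INTERP /dev/fd/N argv[2..] NULL" in a fresh vector and writes
 * the /dev/fd path into fdpath. NULL on bad fd/argc/buffer; caller frees. */
char **build_exec_argv(int fd, int argc, char *const argv[],
                       char *fdpath, size_t fdlen)
{
    char **nargv;
    int i;

    if (fd < 0 || argc < 2 || argv == NULL ||
        snprintf(fdpath, fdlen, "/dev/fd/%d", fd) >= (int)fdlen)
        return NULL;
    if ((nargv = calloc((size_t)argc + 1, sizeof *nargv)) == NULL)
        return NULL;
    nargv[0] = SCRIPT_INTERP;
    nargv[1] = fdpath;                  /* stands in for argv[1], the path */
    for (i = 2; i < argc; i++)
        nargv[i] = argv[i];
    nargv[argc] = NULL;
    return nargv;
}

int main(int argc, char *argv[])
{
    char fdpath[32], **nargv;
    uid_t owner;
    int fd;

    if (argc < 2) {                     /* the argc check the mail asks for */
        fprintf(stderr, "usage: wrapper script [args...]\n");
        return 2;
    }
    if ((fd = open_script(argv[1], &owner)) < 0) {
        fprintf(stderr, "%s: not an acceptable setuid script\n", argv[1]);
        return 1;
    }
    if ((nargv = build_exec_argv(fd, argc, argv, fdpath, sizeof fdpath)) == NULL)
        return 1;
    /* Change identity only now, after every check passed on the open fd. */
    if (setgid(getgid()) != 0 || setuid(owner) != 0) {
        perror("setuid");
        return 1;
    }
    execv(SCRIPT_INTERP, nargv);
    perror(SCRIPT_INTERP);
    return 127;
}
```

Build it with cc and install it setuid; on FreeBSD, /dev/fd/N for descriptors above 2 needs fdescfs mounted on /dev/fd. The descriptor guarantees only that the file the interpreter reads is the one that was inspected, owned by the user the wrapper switches to. It does not stop that owner from rewriting the file while it runs, which is why the policy refuses group- and world-writable scripts but tolerates owner-writable ones.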


