Date:      Tue, 22 Jun 1999 01:08:04 -0400 (EDT)
From:      "Brian F. Feldman" <green@unixhelp.org>
To:        Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc:        Peter Wemm <peter@netplex.com.au>, Jean-Marc Zucconi <jmz@freebsd.org>, hoek@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: src/sys/kern imgact_gzip.c 
Message-ID:  <Pine.BSF.4.10.9906220107400.60297-200000@janus.syracuse.net>
In-Reply-To: <Pine.OSF.4.10.9906221242200.4351-100000@bragg>

On Tue, 22 Jun 1999, Kris Kennaway wrote:

> On Tue, 22 Jun 1999, Peter Wemm wrote:
> 
> > Ahh yes, I forgot that / was read-write for MFS boots.  However:
> > 
> > #!/bin/sh
> > skip=18
> > if /usr/bin/tail +$skip $0 | gzip -cd > /tmp/gztmp$$; then
> >   chmod 700 /tmp/gztmp$$
> >   prog="`echo $0 | sed 's|^.*/||'`"
> >   if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then
> >     trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0
> >     (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null &
> >     /tmp/"$prog" ${1+"$@"}; res=$?
> >   else
> >     trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0
> >     (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null &
> >     /tmp/gztmp$$ ${1+"$@"}; res=$?
> >   fi
> > else
> >   echo Cannot decompress $0; exit 1
> > fi; exit $res
> 
> This is the unpatched (insecure) version of gzexe (all the /tmp/gztmp$$'s),
> but it's functionally the same.
> 
> > Now, if tail, sh, gzip, chmod, ln, sleep, rm, etc are all in the gzexe'd
> > crunched linked binary, how is it supposed to decompress itself?  "sh" itself
> > is part of the crunched binary, so what is going to decode sh when sh itself
> > is a shell script?
> 
> Yes, that seems to be a problem - gzexe depends on those executables. However
> it shouldn't be too hard to recode this decompressor in C to perform the same
> job without any external dependencies. The question is whether that would be
> easier than fixing the kernel to handle gzipped ELF binaries transparently -
> almost certainly it would be.

How's what I attached?

> 
> Kris
> 
> > Cheers,
> > -Peter
> 
> -----
> "Never criticize anybody until you have walked a mile in their shoes,
> because by that time you will be a mile away and have their shoes."
>     -- Unknown
> 
> 

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
 green@FreeBSD.org                   _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/ 

[Attachment: zexe (TEXT/PLAIN, BASE64)]
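
Added example, not code from this thread, from the attachment or from gzexe: the temporary-file step that a C decompressor would have to get right, contrasting the quoted script's predictable `/tmp/gztmp$$` name with `mkstemp()`. The function names, the scratch directory and the pre-existing symlink are constructed for illustration; decompression itself is not shown.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern of the quoted script's "> /tmp/gztmp$$": the name is derived from the
 * PID and opened without O_EXCL, so whatever already sits there is reused. */
static int open_predictable(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/gztmp%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700);
}

/* Hardened form: mkstemp() chooses the name and creates the file with
 * O_CREAT|O_EXCL (mode 0600); execute permission is added on the fd. */
static int open_hardened(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/gztmpXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd >= 0 && fchmod(fd, 0700) != 0) { close(fd); unlink(path); return -1; }
    return fd;
}

/* Constructed scenario in a private scratch directory: a symlink to "other"
 * already occupies the predictable name. Returns other's size afterwards. */
static long other_size_after(int hardened) {
    char dir[] = "/tmp/zexe-demo-XXXXXX", other[64], planted[64], path[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(planted, sizeof planted, "%s/gztmp%ld", dir, (long)getpid());
    int fd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "keep", 4) == 4 && symlink(other, planted) == 0) {
        int tmp = hardened ? open_hardened(dir, path, sizeof path)
                           : open_predictable(dir, path, sizeof path);
        if (tmp >= 0) { close(tmp); if (hardened) unlink(path); }
        if (stat(other, &st) == 0) size = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(planted); unlink(other); rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable name: other is %ld bytes\n", other_size_after(0));
    printf("mkstemp:          other is %ld bytes\n", other_size_after(1));
    return 0;
}
```

With the predictable name the open follows the existing symlink and truncates the file it points to; with `mkstemp()` that file keeps its 4 bytes.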

