Date: Tue, 22 Aug 2000 09:40:20 +0200
From: Marc Silver <marcs@draenor.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/20775: potential problem with /usr/bin/sockstat
Message-ID: <E13R8fU-0005yf-00@draenor.org>
>Number: 20775
>Category: bin
>Synopsis: potential problem with /usr/bin/sockstat
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 22 00:50:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Marc Silver
>Release: FreeBSD 4.1-STABLE i386
>Organization:
>Environment:
This isn't a majorly serious problem, but it has the potential to cause problems if a user's path is incorrect.
>Description:
/usr/bin/sockstat incorrectly makes a call to 'netstat/fstat' instead of using the full pathname of the binary when calling it. If a user's path is incorrectly set, this can cause a false binary/script to be run in place of the correct /usr/bin/ commands.
>How-To-Repeat:
Simply create an executable netstat in your current directory, and change your PATH to that directory. When you run sockstat it will execute the binary in your current directory.
>Fix:
--- sockstat.old Tue Aug 22 09:29:21 2000
+++ sockstat Tue Aug 22 09:38:40 2000
@@ -40,7 +40,7 @@
$user, $cmd, $pid, $fd, $proto,$laddr, $faddr
.
-open NETSTAT, "netstat -Aan |" or die "'netstat' failed: $!";
+open NETSTAT, "/usr/bin/netstat -Aan |" or die "'netstat' failed: $!";
<NETSTAT>; <NETSTAT>;
while (<NETSTAT>) {
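Review bot: The die message on the changed `open NETSTAT` line still reports 'netstat' rather than /usr/bin/netstat; put the full path in the message so a failure names the binary that was actually executed. Since the same hardcoding is repeated for fstat further down, setting `$ENV{PATH}` to a fixed value once near the top of the script would cover both opens and any command added later.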
@@ -51,7 +51,7 @@
close NETSTAT;
-open FSTAT, "fstat |" or die "'fstat' failed: $!\n";
+open FSTAT, "/usr/bin/fstat |" or die "'fstat' failed: $!\n";
while (<FSTAT>) {
($user, $cmd, $pid, $fd, $inet, $type, $proto, $sock) = split;
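Review bot: The `close NETSTAT;` in this hunk's context ignores its return value; for a piped open the child's exit status is only reported at close (in `$?`), so a netstat that exits non-zero goes unnoticed. Suggest `close NETSTAT or die ...` and the same for FSTAT. The two die messages are also inconsistent: the fstat one ends in `\n` and the netstat one does not, so only the netstat message gets Perl's file and line suffix.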
>Release-Note:
>Audit-Trail:
>Unformatted:
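As an added example (not part of the original report or of FreeBSD's code), here is a small shell check for the pattern this report describes: it scans Perl source for two-argument pipe opens on a bareword handle and reports those whose program name is not an absolute path. The function name `find_relative_pipe_opens` and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# find_relative_pipe_opens FILE...   (hypothetical helper name)
# Report Perl pipe opens of the form  open HANDLE, "cmd args |"  whose
# program name has no leading "/" and is therefore looked up in $PATH.
find_relative_pipe_opens() {
    awk '
    match($0, /open[ \t(]+[A-Za-z_][A-Za-z0-9_]*[ \t]*,[ \t]*"[^"|]+[|][ \t]*"/) {
        cmd = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"[ \t]*/, "", cmd)   # strip up to and including the opening quote
        sub(/[ \t|].*$/, "", cmd)       # keep only the first word: the program name
        if (cmd !~ /^\//)
            print FILENAME ":" FNR ": " cmd
    }' "$@"
}

# Constructed sample: the two pre-patch opens from the report plus one patched line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
open NETSTAT, "netstat -Aan |" or die "'netstat' failed: $!";
open FSTAT, "fstat |" or die "'fstat' failed: $!\n";
open NETSTAT, "/usr/bin/netstat -Aan |" or die "'netstat' failed: $!";
EOF
find_relative_pipe_opens "$sample"   # flags lines 1 and 2, not the patched line 3
rm -f "$sample"
```

The check covers only the bareword-handle, two-argument form used in sockstat; other ways of running a command from Perl need their own patterns.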
