From owner-freebsd-bugs Tue Aug 22 0:50: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id DF32237B43E
    for ; Tue, 22 Aug 2000 00:50:02 -0700 (PDT)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id AAA83002;
    Tue, 22 Aug 2000 00:50:02 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: from draenor.org (draenor.org [196.36.119.129])
    by hub.freebsd.org (Postfix) with ESMTP id F350337B42C
    for ; Tue, 22 Aug 2000 00:40:13 -0700 (PDT)
Received: from marcs by draenor.org with local (Exim 3.16 #1)
    id 13R8fU-0005yf-00
    for FreeBSD-gnats-submit@freebsd.org; Tue, 22 Aug 2000 09:40:20 +0200
Message-Id:
Date: Tue, 22 Aug 2000 09:40:20 +0200
From: Marc Silver
Reply-To: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/20775: potential problem with /usr/bin/sockstat
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 20775
>Category: bin
>Synopsis: potential problem with /usr/bin/sockstat
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 22 00:50:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Marc Silver
>Release: FreeBSD 4.1-STABLE i386
>Organization:
>Environment:
This isn't a majorly serious problem, but it has the potential to cause problems if a user's path is incorrect.
>Description:
/usr/bin/sockstat incorrectly makes a call to 'netstat/fstat' instead of using the full pathname of the binary when calling it. If a user's path is incorrectly set, this can cause a false binary/script to be run in place of the correct /usr/bin/ commands.
>How-To-Repeat:
Simply create an executable netstat in your current directory, and change your PATH to that directory. When you run sockstat it will execute the binary in your current directory.
>Fix:
--- sockstat.old Tue Aug 22 09:29:21 2000 +++ sockstat Tue Aug 22 09:38:40 2000 @@ -40,7 +40,7 @@ $user, $cmd, $pid, $fd, $proto,$laddr, $faddr . -open NETSTAT, "netstat -Aan |" or die "'netstat' failed: $!"; +open NETSTAT, "/usr/bin/netstat -Aan |" or die "'netstat' failed: $!"; ; ; while () { @@ -51,7 +51,7 @@ close NETSTAT; -open FSTAT, "fstat |" or die "'fstat' failed: $!\n"; +open FSTAT, "/usr/bin/fstat |" or die "'fstat' failed: $!\n"; while () { ($user, $cmd, $pid, $fd, $inet, $type, $proto, $sock) = split;
>Release-Note:
>Audit-Trail:
>Unformatted:
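Review bot: in the first hunk (@@ -40,7 +40,7 @@), hardcoding /usr/bin/netstat in the open call fixes this one invocation but leaves the script trusting the caller's PATH for any external command added later. Consider also setting `$ENV{PATH} = '/bin:/usr/bin';` near the top of the script so the search path is fixed once, independent of the caller's environment. The die string on this line also lacks the trailing "\n" that the fstat one carries, so the two failures are reported in different formats; make them consistent while touching the line.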
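Review bot: in the second hunk (@@ -51,7 +51,7 @@), the error text still reads `'fstat' failed` although the command is now /usr/bin/fstat; put the full path in the message so a missing or unreadable binary is reported under the name that was actually executed (the same applies to the netstat message in the first hunk). The context line `close NETSTAT;` discards its return value, and for a piped open that return value is where a non-zero exit status of the child is reported; checking it, for example `close NETSTAT or die "netstat exited with status $?\n";`, would keep sockstat from printing output built from a failed netstat run.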