A security hole
Darryl P. Wagoner
dpw at unisec.usi.com
Fri Apr 1 00:06:32 AEST 1988
In article <4212 at ihlpf.ATT.COM> nevin1 at ihlpf.UUCP (00704a-Liber,N.J.) writes:
.In article <544 at fig.bbn.com> rsalz at bbn.com (Rich Salz) writes:
..Every single program that is subject to the "IFS" trick can be
..protected by written a wrapper that sets the environment properly,
..then calls the real program.
.
.But what stops the user from bypassing the wrapper and calling the real
.program directly?
Simply, the problem is setuid bit programs that has a popen in them.
This does a exec of "sh -c program argvs". This means that /bin/sh
is the problems with IFS. So how can they bypass?
--
Darryl Wagoner dpw at unisec.usi.com
UniSecure Systems, Inc.; OS/2, Just say No!
Round Rock, Tx; (512)-255-8751 (home) (512)-823-3774
UUCP: {ut-sally!uiucuxc!kitty}!unisec!dpw
More information about the Comp.bugs.sys5
mailing list