A security hole
Johan Vromans
jv at mhres.mh.nl
Thu Mar 24 21:35:59 AEST 1988
In article <544 at fig.bbn.com> rsalz at bbn.com (Rich Salz) writes:
>Every single program that is subject to the "IFS" trick can be
>protected by writing a wrapper that sets the environment properly,
>then calls the real program.
I tried to replace "/bin/sh" this way, and although everything seemed to
work great, eventually I found out that all my outbound news was being
rejected with an "inews: inbound news is garbled" on the remote machines.
Didn't have the time to track down the problem, so my system is insecure
again. Any suggestions?
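#---------------- sh.c ----------------
#include <stdlib.h>
#include <unistd.h>

int main (int argc, char *argv[])
{
    /* Set IFS, then run /bin/SH with the original arguments. */
    putenv ("IFS=\" \t\n\"");
    execv ("/bin/SH", argv);
    return -1;    /* only reached if execv fails */
}
#---------------- ----------------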
--
Johan Vromans | jv at mh.nl via European backbone
Multihouse N.V., Gouda, the Netherlands | uucp: ..{uunet!}mcvax!mh.nl!jv
"It is better to light a candle than to curse the darkness"
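
An added example, not part of the original post: a wrapper of the kind Rich Salz describes, which drops every inherited IFS entry and sets IFS to exactly space, tab and newline before exec'ing the real program. Unlike the posted sh.c, whose C string "IFS=\" \t\n\"" places the two double-quote characters in the value of IFS as well, the value here contains no quote characters. The path /bin/SH is taken from the post; the helper name clean_env and the exit status 111 are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Exactly space, tab, newline: no quote characters in the value. */
static char SAFE_IFS[] = "IFS= \t\n";

/*
 * clean_env (hypothetical helper): copy envp, dropping every inherited
 * IFS entry (there may be more than one), and append one known-good IFS.
 * Returns a NULL-terminated array, or NULL on allocation failure.
 */
char **clean_env(char *const envp[])
{
    size_t n = 0, out = 0, i;
    char **copy;

    while (envp[n] != NULL)
        n++;
    copy = malloc((n + 2) * sizeof *copy);   /* +1 for IFS, +1 for NULL */
    if (copy == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        if (strncmp(envp[i], "IFS=", 4) == 0)
            continue;                        /* discard the caller's IFS */
        copy[out++] = envp[i];
    }
    copy[out++] = SAFE_IFS;
    copy[out] = NULL;
    return copy;
}

extern char **environ;

int main(int argc, char *argv[])
{
    char **env = clean_env(environ);

    (void)argc;
    if (env == NULL)
        return 111;                          /* refuse to run unsanitized */
    execve("/bin/SH", argv, env);            /* path as used in the post */
    perror("/bin/SH");                       /* only reached if exec fails */
    return 111;
}
```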