Subject: Re: SetUID scripts
To: Peter Galbavy <peter@wonderland.org>
From: Brett Lymn <blymn@awadi.com.AU>
List: netbsd-help
Date: 07/03/1996 19:55:47
According to Peter Galbavy:
>
>On this topic, now that the problem is well known, could somebody explain
>to me in very small words what the well known security problem with set UID
>scripts is ? I never grasped it. Mea culpa.
>
The major problem is that they are executed by sh ;-) Seriously,
there is just so much that can be exploited when you use sh - things
like the IFS variable which is used to work out what constitutes a
word, all sorts of environment variables that can be primed with weird
and wonderful strings. Added to this is the difficulty of elminating
races and you have a truly dangerous cocktail.
Normally, secure code will dump the entire environment and reconstruct
one that the programmer wants and then executes a binary on an
explicit path (and I _mean_ exec - the "system" call is just as bad as
a sh script since sh is exec'ed to run the command passed). Even this
is fraught with dangers like buffer overruns, assuming you accept user
input, which could find you executing interesting machine code off the
stack. Added to this you are not free from races either. Programming
securely is very very tough.
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.