Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Format String Attacks
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Thu, 14 Sep 2000 16:41:50 -0700

Dan Harkless <dan-bugtraq () DILVISH SPEED NET> writes:
[...]
#!/usr/local/bin/perl
#
# wrap_setid_progs_with_envar_clearer
[...]

I just noticed a problem with my script.  Because it does the find of setid
files live rather than all at the beginning, if there are multiple setid
programs that are hard links to the same inode, only one of them will get
wrapped.  The others will get their privileges "spanked" but without having
a wrapper installed, which may break things.

The only instance of this on our Solaris 2.6 systems I've found so far is
/usr/bin/{uptime,w}, though without any options, at least, w still functions
properly for non-root users even without the setuid root.

I'll fix my script right now to do all the finding and remembering of modes
at the beginning -- you'll be able to find it at:

    http://harkless.org/dan/software/wrap_setid_progs_with_envar_clearer

and I'll post here when it's done.

If you want to run the current version in the meantime, just keep in mind
you might have to manually wrap a shared-inode setid program or two.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]