setuid scripts wrapper (RFC, proposal)

Peter Jeremy peterjeremy at optushome.com.au
Thu Apr 6 09:26:41 UTC 2006


On Thu, 2006-Apr-06 00:29:27 +0400, Sply Splyeff wrote:
>There are some security problems with kernel-level script
>setuid execution which discourage one from using it.

The biggest problem is a race condition between the kernel setting up
the set[gu]id() environment and opening the script to find the
interpreter and the interpreter opening the script to execute it.
This can only be fixed within the kernel (by passing the script to
the interpreter as a pre-opened FD).

>Is it strong enough? Maybe there is some slippery ground
>left?

The biggest problem is its failure to check the sanity of the input
parameters - that a particular argument actually exists before
referencing it.

Other issues I noticed:
- strncpy() is virtually always the wrong function.  You already do
  validation so you could just use strcpy()
- strncpy(penvd + penvsz, "=", 1);  could be penvd[penvsz] = '=';
- No error if number of environment variables too great.

-- 
Peter Jeremy
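The following is an added illustration, not code from the proposal or from Peter Jeremy's reply. It sketches a user-space wrapper built around the two points above: the script is opened exactly once and the interpreter is handed the already-open descriptor as /dev/fd/N, so there is no second open() of the path to race against; and argc, argument lengths and the environment count are validated before anything is copied, so plain memcpy plus a single '=' store replaces strncpy(). All names (MAX_ENV, INTERP, build_env_entry, script_fd_ok, fd_path) and the hard-coded interpreter are this example's own assumptions; the privilege switching a real setuid wrapper would do is left out.

```c
/* Added example, not the proposal's or the reply author's code.
 * Illustrates: one open() of the script, interpreter gets /dev/fd/N,
 * and explicit validation of argv/envp before they are used.
 * MAX_ENV, INTERP and all function names are assumptions of this example. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_ENV 64          /* hypothetical cap on variables passed through */
#define INTERP  "/bin/sh"   /* assumed interpreter; a real wrapper parses #! */

/* 0 if argv[1] exists and is an absolute path, -1 otherwise.
 * Checking argc before touching argv[1] is the missing sanity check. */
int validate_args(int argc, char **argv)
{
    if (argc < 2 || argv[1] == NULL || argv[1][0] != '/')
        return -1;
    return 0;
}

/* Build "NAME=VALUE" into dst.  Lengths are checked up front, so there is
 * no need for strncpy(); the '=' is a single byte store. */
int build_env_entry(char *dst, size_t dstsz, const char *name, const char *value)
{
    size_t nl = strlen(name), vl = strlen(value);

    if (nl == 0 || memchr(name, '=', nl) != NULL)
        return -1;
    if (nl + 1 + vl + 1 > dstsz)        /* name, '=', value, NUL */
        return -1;
    memcpy(dst, name, nl);
    dst[nl] = '=';
    memcpy(dst + nl + 1, value, vl + 1); /* copies the terminating NUL too */
    return 0;
}

/* Number of entries in envp, or -1 if there are more than MAX_ENV:
 * an error rather than silent truncation. */
int count_env(char **envp)
{
    int n = 0;

    while (envp[n] != NULL) {
        if (++n > MAX_ENV)
            return -1;
    }
    return n;
}

/* Every check is made on the open descriptor, never on the path name:
 * regular file, not group- or world-writable. */
int script_fd_ok(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;
    return 0;
}

/* "/dev/fd/N" for the interpreter; opening it yields the same file the
 * wrapper already validated, so the original path is never reopened. */
int fd_path(char *buf, size_t bufsz, int fd)
{
    int n = snprintf(buf, bufsz, "/dev/fd/%d", fd);

    return (n < 0 || (size_t)n >= bufsz) ? -1 : 0;
}

int main(int argc, char **argv, char **envp)
{
    char path[32];
    int fd;

    if (validate_args(argc, argv) != 0 || count_env(envp) < 0) {
        fprintf(stderr, "usage: wrapper /absolute/script [args...]\n");
        return 64;
    }
    fd = open(argv[1], O_RDONLY);          /* the only open() of the script */
    if (fd < 0 || script_fd_ok(fd) != 0 || fd_path(path, sizeof path, fd) != 0) {
        perror(argv[1]);
        return 1;
    }
    fcntl(fd, F_SETFD, 0);                 /* descriptor must survive execve */
    argv[1] = path;                        /* interpreter sees /dev/fd/N */
    execve(INTERP, argv, envp);
    perror("execve");
    return 1;
}
```

The wrapper only removes the race between its own checks and the interpreter's open(); the window between the kernel granting the set[gu]id identity and the wrapper's open() still exists for a kernel-level scheme, which is why the reply says the complete fix belongs in the kernel.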
