setuid scripts wrapper (RFC, proposal)

Peter Jeremy peterjeremy at optushome.com.au
Thu Apr 6 19:28:00 UTC 2006


On Thu, 2006-Apr-06 14:49:25 +0400, Sply Splyeff wrote:
>> The biggest problem is its failure to check the sanity of the input
>> parameters - that a particular argument actually exists before
>> referencing it.
>
>Do you mean that evil Bob can substitute Alice's script between stat() and execve() calls?
>Yes, I've missed this point.

Actually Bob can replace the script anytime between the initial statfs() call
in your script and the interpreter opening the script sometime after the
execve() call.  You should be able to get around this by opening the script
first, using fstatfs() and fstat() and passing the script as /dev/fd/N to
the interpreter.

What I was actually referring to was your use of argv[1], argv[2], argv[3]
and argv[4] without checking argc or otherwise validating them.

-- 
Peter Jeremy
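As an added example (not code from this thread; the wrapper under discussion was never posted here), this is how a C wrapper can apply both points in the reply: open the script once, judge the open descriptor with fstat() and fstatvfs() rather than the path, hand the interpreter /dev/fd/N, and check argc before dereferencing argv[i]. The interpreter (/bin/sh), the acceptance policy (regular file, setuid bit set, not group- or world-writable, not on a nosuid mount) and every function name are assumptions for the example. It uses the POSIX fstatvfs()/ST_NOSUID pair instead of the BSD fstatfs()/MNT_NOSUID named in the reply so that it builds on FreeBSD and Linux alike.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

#define INTERPRETER "/bin/sh"   /* assumed interpreter for this example */
#define MIN_ARGS    2           /* wrapper + script path */

enum script_status {
    SCRIPT_OK = 0,
    SCRIPT_BAD_ARGS,     /* fewer arguments than the wrapper dereferences */
    SCRIPT_OPEN_FAILED,  /* open()/fstat()/fstatvfs() failed, see errno */
    SCRIPT_NOT_REGULAR,  /* directory, fifo, device: not a script */
    SCRIPT_NO_SETUID,    /* setuid bit not set: nothing to honour */
    SCRIPT_WRITABLE,     /* group- or world-writable: anyone could edit it */
    SCRIPT_NOSUID_FS     /* file system mounted nosuid */
};

/* The argc check the reply asks for: refuse before dereferencing argv[i]. */
enum script_status check_argc(int argc, int needed)
{
    return argc >= needed ? SCRIPT_OK : SCRIPT_BAD_ARGS;
}

/* Policy check on metadata taken from an open descriptor (fstat/fstatvfs).
 * The path is never consulted again, so a file swapped in after open() is
 * simply not the file being judged. */
enum script_status check_script_meta(const struct stat *st, unsigned long fsflags)
{
    if (!S_ISREG(st->st_mode))
        return SCRIPT_NOT_REGULAR;
    if (!(st->st_mode & S_ISUID))
        return SCRIPT_NO_SETUID;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return SCRIPT_WRITABLE;
    if (fsflags & ST_NOSUID)
        return SCRIPT_NOSUID_FS;
    return SCRIPT_OK;
}

/* Name under which the interpreter reopens the already-open descriptor.
 * Returns 0 on success, -1 if buf is too small. */
int fd_path(int fd, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/dev/fd/%d", fd);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Open the script exactly once and judge that descriptor, not the path. */
enum script_status open_checked_script(const char *path, int *fd_out, struct stat *st)
{
    struct statvfs vfs;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* no O_CLOEXEC: fd must survive exec */
    if (fd < 0)
        return SCRIPT_OPEN_FAILED;
    enum script_status rc = SCRIPT_OPEN_FAILED;
    if (fstat(fd, st) == 0 && fstatvfs(fd, &vfs) == 0)
        rc = check_script_meta(st, vfs.f_flag);
    if (rc != SCRIPT_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return SCRIPT_OK;
}

int main(int argc, char **argv)
{
    int fd; struct stat st;
    if (check_argc(argc, MIN_ARGS) != SCRIPT_OK) {
        fputs("usage: wrapper script [args...]\n", stderr);
        return 64;
    }
    enum script_status rc = open_checked_script(argv[1], &fd, &st);
    if (rc != SCRIPT_OK) {
        fprintf(stderr, "refusing to run %s (status %d)\n", argv[1], (int)rc);
        return 1;
    }
    /* Run as the script's owner; setgid before setuid, or the gid cannot change. */
    if (setgid(st.st_gid) != 0 || setuid(st.st_uid) != 0) {
        perror("drop privileges");
        return 1;
    }
    /* Interpreter argv: INTERPRETER /dev/fd/N args...; argv[1] is never passed on. */
    char path[32];
    if (fd_path(fd, path, sizeof path) != 0) return 1;
    char *nargv[argc + 1];
    nargv[0] = INTERPRETER;
    nargv[1] = path;
    for (int i = 2; i < argc; i++)
        nargv[i] = argv[i];
    nargv[argc] = NULL;
    execv(INTERPRETER, nargv);
    perror("execv");
    return 127;
}
```

Two caveats a practitioner would check before relying on this: on FreeBSD /dev/fd/N is a duplicate of the open descriptor (fdescfs), while on Linux it is a /proc link that reopens the same inode, so both keep the interpreter on the file that was checked rather than on whatever the path now names; and the check only closes the race on the script file itself, so the interpreter's own environment handling (PATH, IFS, ENV and the like) still has to be sanitised by the wrapper.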


More information about the freebsd-hackers mailing list