[nSLUG] chmod +s , cupsd restart

Peter Cordes peter at llama.nslug.ns.ca
Sat Jun 21 22:54:19 ADT 2003

On Fri, Jun 20, 2003 at 09:50:35AM -0300, Jamie Fifield wrote:
> Full path name doesn't necessarily protect you either.
> export IFS="/"
> That shouldn't be honoured by exec calls, but if you use an exec that
> passes the environment in (like execle), to run a shell script...

 Actually, execle(3) is the only exec(3) function that lets you pass an
empty environment.  The _others_ pass the existing environment (from the
global variable "environ").

> suid programs are just all around bad ideas.  I cannot think of one
> situation where they should be installed on a system attempting to be
> secure.

 Yeah, you have to be an expert on systems programming to be confident that
it's secure, even if you only want to do something simple.  For example, if
Donald had fixed the bug in his program by using execlp(3), PATH attacks
would work against it.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at llama.nslug.n , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
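
Added example, not part of the original message: a C sketch of the difference discussed above between an exec call that passes the caller's "environ" through (execl) and execle(3) given an environment the program builds itself. It assumes /bin/sh exists; DEMO_MARKER and the /tmp/attacker directory are constructed names that stand in for a hostile caller's environment.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed minimal environment: nothing is copied from the caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Shell test run in the child: exits 0 only if the caller's marker
 * variable is absent and PATH is the fixed value set above. */
static const char *probe =
    "[ -z \"${DEMO_MARKER+set}\" ] && [ \"$PATH\" = /usr/bin:/bin ]";

/* Fork, exec /bin/sh by absolute path, and return the child's exit status.
 * inherit != 0: execl, which hands the child the caller's environ.
 * inherit == 0: execle with clean_env, so caller variables are dropped. */
int run_probe(int inherit)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (inherit)
            execl("/bin/sh", "sh", "-c", probe, (char *)NULL);
        else
            execle("/bin/sh", "sh", "-c", probe, (char *)NULL, clean_env);
        _exit(127);                 /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Set up a caller-controlled environment, then compare both variants:
 * the clean exec must pass the probe and the inheriting one must fail it. */
int main(void)
{
    setenv("PATH", "/tmp/attacker:/usr/bin:/bin", 1);   /* constructed */
    setenv("DEMO_MARKER", "1", 1);                      /* constructed */
    return (run_probe(0) == 0 && run_probe(1) != 0) ? 0 : 1;
}
```

A set-uid program that has to run a helper would use the execle form with an absolute path, since the p-variants (execlp, execvp) resolve the program name through the caller's PATH.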

