[1561] in linux-security and linux-alert archive
[linux-security] Re: an anti-overflow wrapper
daemon@ATHENA.MIT.EDU (Wietse Venema)
Wed May 28 07:04:42 1997
To: linux-security@redhat.com
Date: Tue, 27 May 1997 11:12:20 -0400 (EDT)
Cc: linux-security@redhat.com
In-Reply-To: <19970526195351.61541@sobolev.iam.uni-bonn.de> from Thomas Roessler at "May 26, 97 07:53:51 pm"
From: wietse@wzv.win.tue.nl (Wietse Venema)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
For useful suggestions, see also the AUSCERT advisories
(www.auscert.org.au). They often post wrappers that limit
the size of arguments etc. for broken suid programs.
Wietse
> The following code is a first attempt at a simple but flexible
> suid wrapper which checks argv[] and environment. It might
> introduce new security holes or have other bugs; using 1 as a
> general failure exit value may be the wrong thing to do. The
> wrapper reads a configuration file named /etc/wrapper.cfg; see
> the comments in wrapper.c for the file's format.
>
> Flame, comment, or use at will.
>
> tlr