[1561] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: an anti-overflow wrapper

daemon@ATHENA.MIT.EDU (Wietse Venema)
Wed May 28 07:04:42 1997

To: linux-security@redhat.com
Date: Tue, 27 May 1997 11:12:20 -0400 (EDT)
Cc: linux-security@redhat.com
In-Reply-To: <19970526195351.61541@sobolev.iam.uni-bonn.de> from Thomas Roessler at "May 26, 97 07:53:51 pm"
From: wietse@wzv.win.tue.nl (Wietse Venema)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

For useful suggestions, see also the AUSCERT advisories
(www.auscert.org.au). They often post wrappers that limit
the size of arguments etc. for broken suid programs.

	Wietse

> The following code is a first attempt at a simple but flexible
> suid wrapper which checks argv[] and environment.  It might
> introduce new security holes or have other bugs; using 1 as a
> general failure exit value may be the wrong thing to do.  The
> wrapper reads a configuration file named /etc/wrapper.cfg; see
> the comments in wrapper.c for the file's format.
> 
> Flame, comment, or use at will.
> 
> tlr


home help back first fref pref prev next nref lref last post