[659] in linux-security and linux-alert archive


[linux-security] Re: BoS: Re: Vulnerabilities in mgetty+sendfax (root access by fax)

daemon@ATHENA.MIT.EDU (Peter da Silva)
Thu Apr 4 15:02:55 1996

From: peter@nmti.com (Peter da Silva)
To: nobody@mail.uu.net
Date: Tue, 2 Apr 1996 17:29:41 -0600 (CST)
Cc: zblaxell@myrus.com, linux-security@tarsier.cv.nrao.edu,
        best-of-security@suburbia.net
In-Reply-To: <m0u4CKJ-0000ZoC@mobile.greenie.muc.de> from "Gert Doering" at Apr 2, 96 10:05:14 pm

> Hmmm. Not the proper place to fix it (but the easy one). The fax ID
> should be passed to the calling functions "as-is", but they should
> check better before calling "system()".

IMHO, no program that runs as root should call "system". I know it's
tough (and I don't always manage to do it right myself), but when I do
call it, it's *always* assumed to be dangerous.

It should be possible to do:

	execlp(...);
	execl("/bin/sh", ...);
	barf();

(which used to be what everyone did anyway)
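As an added example (not code from this post, and not mgetty's or sendfax's own code), here is the exec-based pattern sketched above, written out and paired with the check a maintainer would want: that a caller ID containing shell metacharacters reaches the handler as one literal argument. It assumes a POSIX system with fork(), execvp() and /bin/sh; the handler scripts, the helper names and the SAMPLE_ID value are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a handler program directly: fork, then execvp() with an argv
 * array. No shell ever parses the arguments, so each argv entry reaches
 * the handler exactly as given. Returns the handler's exit status, -1 on
 * fork/wait failure, or 127 if the exec itself failed. */
int run_handler(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        /* Only reached if exec failed: report and exit, as the post's
         * barf() does, instead of falling back to /bin/sh. */
        perror("execvp");
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Check 1: how many argument words does the handler see? The handler is
 * a tiny sh script (started via exec, not system()) that exits with its
 * own $#. Through exec the answer is 1, whatever the ID contains; a
 * system("handler ID") call would have let sh split it on the ';'. */
int words_seen_by_handler(const char *fax_id)
{
    char *const argv[] = { "/bin/sh", "-c", "exit $#", "handler",
                           (char *)fax_id, NULL };
    return run_handler(argv);
}

/* Check 2: does the handler see the ID byte-for-byte? The expected value
 * is single-quoted inside the script so the script's shell treats it as
 * a literal, while $1 is what arrived through exec. Returns 1 on match.
 * (Constructed helper: expected values containing a single quote are
 * rejected rather than escaped, to keep the check simple.) */
int handler_sees_literal(const char *fax_id, const char *expected)
{
    char script[512];
    if (strchr(expected, '\'') != NULL)
        return 0;
    if (snprintf(script, sizeof script, "[ \"$1\" = '%s' ]", expected)
            >= (int)sizeof script)
        return 0;
    char *const argv[] = { "/bin/sh", "-c", script, "handler",
                           (char *)fax_id, NULL };
    return run_handler(argv) == 0;
}

/* Constructed sample: a remote fax ID carrying shell metacharacters, the
 * kind of untrusted value the thread is about. */
static const char SAMPLE_ID[] = "+49 89 12345; echo SURPRISE";

int main(void)
{
    printf("argument words seen by handler: %d\n",
           words_seen_by_handler(SAMPLE_ID));
    printf("ID delivered literally: %d\n",
           handler_sees_literal(SAMPLE_ID, SAMPLE_ID));
    return 0;
}
```

The design point is that exec arguments are never re-parsed: the remote ID travels as a single argv element from the daemon to the handler, so no validation of its characters is needed for that hop. If a shell script must be the handler, the same rule applies one level down: hand it the ID as a positional parameter (`"$1"`), never by splicing it into a command string.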


[Mod: This thread is drifting away from Linux-related security and into
the realm of "generally good system programming practices," so
follow-ups, critiques, etc., along these lines should be directed to the
posts' authors and not to the list.  Thanks!  --Jeff.]
