[888] in linux-security and linux-alert archive
Re: [linux-security] joy
daemon@ATHENA.MIT.EDU (Jordy)
Wed Jul 10 12:31:01 1996
Date: Tue, 9 Jul 1996 23:53:35 -1000 (HST)
From: Jordy <jordy@thirdwave.net>
To: linux-security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <4ruule$i4f@dhp.com>
On 9 Jul 1996, Matt wrote:
> Jordy (jordy@thirdwave.net) wrote:
> : joy, a new security hole for linux, guess dip 3.3.7n wasn't as secure
> : as hoped..
>
> This is a major case of programs that are SUID, that in most cases do not
> need to be. Fixing such minor things helps improve security greatly.

actually, dip does need to be setuid because it modifies the routing tables.
the problem with it was that it doesn't check strlen(), stupid thing...

you know, someone should write a nice little howto file on setuid
programming:

  - on all input do strlen()
  - don't use system()
  - put the full paths of all binaries when execl*()
  - check euid
  - reset all "evil" environmental variables
  - never run a shell script from a setuid program
  - if possible, setuid to something other than root that has only the power
    to do what is needed

possibly do what apache does? spawn new daemons as user nobody? it was
said that apache did it the RIGHT way.

any other suggestions?

Jordy
,''~``. ,''``~.
( o o ) ,( o o ),
/--.oooO--(_)--Oooo.--------------------.oooO--(_)--Oooo.---\
| http://www.thirdwave.net/~jordy/ |
| There are people in this world that look at art but can't |
| see it. There are also people who listen to music but |
| don't hear it. I feel sorry for those who look and |
| listen and envious of those who can see and hear. |
| .oooO Oooo. |
| ( ) Oooo. jordy@thirdwave.net .oooO ( ) |
\-----\ (----( )------------------------( )--- ) /------/
\_) ) / \ ( (_/
(_/ \_)
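
Added example, not part of the message above and not taken from dip's source: several items from the checklist written out in C (length check before copying, full path for the helper binary, fixed environment, no system() or shell, privileges dropped and verified before the exec). The names copy_arg, drop_privs and run_helper, the 64-byte limit and the PATH value are assumptions made for illustration.

```c
/* Added example; names, the 64-byte limit and PATH value are assumptions. */
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ARG_MAX_LEN 64           /* assumed size of the destination buffer */

/* "on all input do strlen()": reject input that does not fit the buffer. */
int copy_arg(char dst[ARG_MAX_LEN], const char *src)
{
    size_t n;
    if (src == NULL || (n = strlen(src)) >= ARG_MAX_LEN)
        return -1;
    memcpy(dst, src, n + 1);     /* length verified above, NUL included */
    return 0;
}

/* "check euid": return to the invoking user's ids, group first, then verify.
 * For a setuid-root binary setuid() also resets the saved uid (permanent). */
int drop_privs(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Full path, fixed environment, no system() and no shell in between. */
int run_helper(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')
        return -1;               /* relative names depend on PATH or cwd */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privs() != 0)   /* helper runs as the invoking user */
            _exit(126);
        execve(path, argv, clean_env);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

run_helper returns the helper's exit status, or -1 when the path is not absolute or the child could not be started or waited for.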