[890] in linux-security and linux-alert archive


Re: [linux-security] joy

daemon@ATHENA.MIT.EDU (Uri Blumenthal)
Wed Jul 10 16:39:37 1996

From: Uri Blumenthal <uri@watson.ibm.com>
To: jordy@thirdwave.net (Jordy)
Date: Wed, 10 Jul 1996 13:36:35 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.BSI.3.91.960709234912.21750A-100000-100000@aloha.com> from "Jordy" at Jul 9, 96 11:53:35 pm
Reply-To: uri@watson.ibm.com

Jordy says:
> actually, dip does need to be setuid because it modifies the routing tables.

(:-) You got it...

> the problem with it was that it doesn't check strlen(), stupid thing... 
> you know, someone should write a nice little howto file on setuid 
> programming:
> 
> on all input do strlen()

Not necessarily. Much better would be to input only a certain
number of bytes...

> don't use system()

"Shouldn't" is better than "don't"...

> put the full paths of all binaries when execl*()
> check euid

Double emphatic yes!

> reset all "evil" environmental variables

(:-)

> never run a shell script from a setuid program

Oh, there still are those who do? What are their IP addresses? (:-)

> if possible, setuid to something other than root that has only the power
> to do what is needed

Plus - many things can be done with set-gid and user groups.

> possibly do what apache does? spawn new daemons as user nobody? it was
> said that apache did it the RIGHT way.

Just say - "drop the unnecessary privileges as soon as they become
unnecessary".

Oh, and truncate that signature of yours. (:-)
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
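As an added example (not code from this thread, nor from dip), here is what the checklist Jordy and Uri sketch above looks like in C on Linux/glibc: bounded input instead of strlen(), a fixed environment in place of a blacklist, an absolute-path check before any exec, and a privilege drop that verifies it actually took. The function names are my own.

```c
#define _GNU_SOURCE        /* strnlen(), setgroups(), environ on glibc */
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* "Input only a certain number of bytes": never strlen() untrusted data.
 * strnlen() is bounded by the buffer capacity; anything that does not fit,
 * terminator included, is rejected rather than truncated silently. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = strnlen(src, cap);
    if (n == cap)          /* no NUL within cap bytes: too long */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* "Reset all evil environment variables": replace the whole environment
 * with a known-good one instead of unsetting a list of bad names. */
void sanitize_env(void)
{
    static char *clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    environ = clean_env;
}

/* "Drop the unnecessary privileges as soon as they become unnecessary",
 * and "check euid": order is supplementary groups, then gid, then uid,
 * because once uid 0 is gone the gid calls would fail. Afterwards verify
 * the effective ids and that root cannot be regained. 0 = ok, -1 = fail. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* needs CAP_SETGID */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (geteuid() != uid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* saved uid still root: drop failed */
        return -1;
    return 0;
}

/* "Put the full paths of all binaries when execl*()": a relative name
 * would be resolved through whatever PATH the caller handed us. */
int is_absolute_path(const char *p)
{
    return p != NULL && p[0] == '/';
}
```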
