[918] in linux-security and linux-alert archive
Re: [linux-security] sliplogin
daemon@ATHENA.MIT.EDU (Jason Marshall)
Wed Jul 17 11:11:08 1996
Date: Tue, 16 Jul 1996 11:12:02 -0600 (MDT)
From: Jason Marshall <marshalj@spots.ab.ca>
To: David Holland <dholland@hcs.HARVARD.EDU>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607160156.VAA05608@hcs.HARVARD.EDU>
> It does
> setuid(0);
> if (s = system(logincmd)) {
> :
> }
> without clearing the environment first. Therefore, anybody can get
> root trivially.
Ok, my interest has been piqued for a while now, but I've just never
asked. Is there a list somewhere of ALL the things that really should
be done or looked for when writing code segments that are seteuid(0)?
I know SOME of the things to do, but I've yet to see a comprehensive
list. I am quite sure there are many C coders out there who either a)
don't know what to do, or b) wouldn't mind some confirmation that they
are/have been doing the right things.
This is particularly in reference to system() calls, and/or the replacing
of those calls with safer code.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, marshalj@spots.ab.ca. Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-