[3215] in bugtraq
Re: libresolv+ bug
daemon@ATHENA.MIT.EDU (Brian Mitchell)
Tue Aug 20 01:09:34 1996
Date: Mon, 19 Aug 1996 14:24:35 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Brian Mitchell <brian@saturn.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199608190818.JAA17409@cableol.net>
On Mon, 19 Aug 1996, Alan Cox wrote:
> > Reading a restricted file is not that much of a problem as long as you keep
> > the contents of the files secret, i.e., don't print "root:<pw>:::": parse
> > error at line 1. Validate your input (for $TZ and $TERMINFO/$TERMCAP,
> > validating input is pretty easy, $TZ and $TERM* will only reveal
> > information if it happens to be in the right format)
>
> In the case of resolv, user resolv files should only be read if they are
> accessible as that user. This means going through all the usual mess because
> the designers of Unix didn't anticipate the fact that open(...., O_ASRUID)
> would have been useful.
Again, we run into the problem of what if the suid program sets its uid
and euid to 0, then the O_ASRUID would still be able to access the shadow
file, and we would be in the same situation.
Brian Mitchell brian@saturn.net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
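
Added example, not part of the original message or of libresolv: one way to approximate the open-as-the-user behaviour discussed above by temporarily switching the effective uid/gid around open(), while covering the case raised in the reply by taking the invoker's identity as an explicit argument captured before any setuid(0) call. The helper name `open_as_invoker`, its parameters and the default path in main() are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread). The caller passes the uid/gid it
 * captured with getuid()/getgid() at the very start of main(): once a set-uid
 * program has run setuid(0), its real uid is 0 and no longer names the user. */
int open_as_invoker(const char *path, uid_t invoker_uid, gid_t invoker_gid)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd = -1, err = 0;
    /* Drop group before user; supplementary groups are not handled here. */
    if (setegid(invoker_gid) != 0)
        return -1;
    if (seteuid(invoker_uid) != 0) {
        err = errno;
    } else {
        /* The kernel now checks the open against the invoker's identity. */
        fd = open(path, O_RDONLY | O_NONBLOCK);
        if (fd < 0)
            err = errno;
        if (seteuid(saved_euid) != 0)
            _exit(1);           /* never continue half-dropped */
    }
    if (setegid(saved_egid) != 0)
        _exit(1);
    /* Accept only regular files, not devices, FIFOs or directories. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
        err = EINVAL;
    }
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    uid_t invoker_uid = getuid();   /* capture before any setuid() call */
    gid_t invoker_gid = getgid();
    const char *path = argc > 1 ? argv[1] : "/etc/resolv.conf"; /* sample */
    int fd = open_as_invoker(path, invoker_uid, invoker_gid);
    printf("%s\n", fd >= 0 ? "opened with invoker's rights" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

If the program has already discarded the invoker's uid, nothing in this helper can recover it, so the capture has to happen first.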