[4617] in bugtraq
Re: Generic wrapper
daemon@ATHENA.MIT.EDU (Jonathan Rozes)
Fri May 30 18:30:34 1997
Date: Fri, 30 May 1997 15:38:49 -0400
Reply-To: jrozes@tcs.tufts.edu
From: Jonathan Rozes <jrozes@GUMBO.TCS.TUFTS.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM> "Generic wrapper" (May 26,
10:03pm)
Look what Joe Zbiciak said on May 26, 10:03pm:
>
> Since there are a plethora of buffer overflows waiting to happen, and
> since the AUSCERT wrapper isn't sufficient for many people, I'm making
> my more generic wrapper available to all.
One caveat: this wrapper will break programs with symbolic links that perform
different functions of the wrapped program (like sendmail, which has links
for mailq and newaliases). This is because the wrapper resets argv[0] to the
name of the wrapper program before executing the wrapped program.
IRIX users will get nastily bit if they wrap /sbin/df, because /etc/devnm
(a symlink to df) will produce wierd results, causing the boot sequence to
fail to create the root device links /dev/root and /dev/rroot, along with
any tape device links. Your system will still boot normally, but you won't
have access to your tape drives and the system will claim that the root
filesystem is not mounted.
I commented out the offending line in the wrapper and things work as they
should now. What security implications are there to not resetting argv[0]?
Thanks,
jonathan
--
+++ Jonathan Rozes, Unix Systems Administrator, Tufts University
++ jrozes@tcs.tufts.edu, http://rozes.tcs.tufts.edu/
+ Remember, there's a difference between kneeling down and
bending over --FZ
