[4622] in bugtraq
Re: Generic wrapper
daemon@ATHENA.MIT.EDU (Joe Zbiciak)
Sat May 31 01:00:22 1997
Date: Fri, 30 May 1997 17:37:40 -0500
Reply-To: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM>
From: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM>
X-To: jrozes@tcs.tufts.edu
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <9705301538.ZM7523@gumbo.tcs.tufts.edu> from "Jonathan Rozes" at
May 30, 97 03:38:49 pm
'Jonathan Rozes' said previously:
| One caveat: this wrapper will break programs with symbolic links that perform
| different functions of the wrapped program (like sendmail, which has links
| for mailq and newaliases). This is because the wrapper resets argv[0] to the
| name of the wrapper program before executing the wrapped program.
You would need to install separate copies of the wrapper in place of these
symbolic links.
| I commented out the offending line in the wrapper and things work as they
| should now. What security implications are there to not resetting argv[0]?
Basically, argv[0] is currently completely unchecked. (No check was
necessary since I was replacing argv[0].)
To merely check/pass along argv[0], you also need to change the for loop
near the top of main(). Change as follows:
From:
    for (i=1;i<argc && argv[i]!=0;i++)
To:
    for (i=0;i<argc && argv[i]!=0;i++)
The long-term fix would be to have the wrapper extract the basename from
argv[0], and look it up in a list of allowed program names. If found,
reset argv[0] to just the basename and pass that to the wrapped program.
Otherwise, report it as an error/exploit attempt.
I could try to add that, if anyone's interested.
Regards,
--Joe
--
+--------------Joseph Zbiciak--------------+
|- - - - jzbiciak@daldd.sc.ti.com - - - - -|
| - - http://ee1.bradley.edu/~im14u2c/ - - | Not your average "Joe."
|- - - - Texas Instruments, Dallas - - - -|
+-------#include <std_disclaimer.h>--------+
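
The long-term fix described in the message above (take the basename of argv[0], look it up in a list of allowed names, pass on only the bare name, otherwise report it), as an added example; it is not part of the original post and not the wrapper's own code. The function name vet_argv0, the REAL_PROG path and the syslog reporting are assumptions; the allowed names are the sendmail links mentioned in the quoted text.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define REAL_PROG "/usr/lib/sendmail.real"   /* hypothetical wrapped binary */

/* Names the wrapped program may be invoked as (assumed list). */
static const char *const ALLOWED[] = { "sendmail", "mailq", "newaliases", NULL };

/* Return the allow-list entry matching the basename of argv0, or NULL.
 * Handing back our own constant, not the caller's pointer, means the
 * wrapped program never sees caller-controlled bytes in argv[0]. */
const char *vet_argv0(const char *argv0)
{
    const char *base, *slash;
    size_t i;

    if (argv0 == NULL)              /* execve() permits an empty argv */
        return NULL;
    slash = strrchr(argv0, '/');
    base = slash ? slash + 1 : argv0;
    if (*base == '\0')              /* "" or a path ending in '/' */
        return NULL;
    for (i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(base, ALLOWED[i]) == 0)
            return ALLOWED[i];
    return NULL;
}

int main(int argc, char *argv[])
{
    const char *name = vet_argv0(argc > 0 ? argv[0] : NULL);

    if (name == NULL) {
        /* Report the rejected invocation without echoing the raw string. */
        syslog(LOG_AUTH | LOG_WARNING,
               "wrapper: rejected argv[0] (uid %d)", (int)getuid());
        return 1;
    }
    argv[0] = (char *)name;         /* bare basename from our own table */
    execv(REAL_PROG, argv);
    perror("execv");                /* reached only if execv() failed */
    return 1;
}
```

The remaining argv[1..] entries still need whatever checks the wrapper already applies; this block covers argv[0] only.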