[196] in Zephyr_Comments


security problems with XSETROOT and zmaidl

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Sat Apr 1 17:39:14 1989

Date: Sat, 1 Apr 89 17:38:48 EST
From: Mark W. Eichin <eichin@ATHENA.MIT.EDU>
To: bjaspan@ATHENA.MIT.EDU, zephyr-comments@ATHENA.MIT.EDU
Cc: jh@ATHENA.MIT.EDU, raeburn@ATHENA.MIT.EDU, jik@ATHENA.MIT.EDU
>                exec /mit/bjaspan/bin/zrecv -h $host -p $prt -s | xwud
I'm sorry, but you seem to have missed the point.
ANY time you use "exec" with variables substituted in from incoming
data, you have a potential security hole. The *only* solution is to
provide a "write" function that is not general purpose, as the shell
is. (I am fairly sure system() always uses /bin/sh, but if not, I
suppose you *could* start up zwgc with a different shell, that
prevents such operations, but I don't think that will work.)

					_Mark_
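As an added illustration of the point made above, not code from the original post or from the Zephyr project: the interpolated command line is reproduced only as a string for analysis, and a narrow, shell-free replacement validates the two fields the pipeline needs and passes them as argv elements. The hostname and port grammar, the function names and the `subprocess` pipeline are assumptions of this example.

```python
import re
import subprocess

# The quoted zwgc description-file line splices fields from the incoming notice
# straight into shell text.  Kept here as a string only to show what the shell
# would receive; nothing in this module ever executes it.
UNSAFE_TEMPLATE = "exec zrecv -h {host} -p {prt} -s | xwud"

# Characters /bin/sh would interpret if they arrived inside a substituted field.
SHELL_METACHARS = set(";|&$`\"'\\<>()*?[]{}~#\n")

# Assumed grammar for the only two fields this pipeline needs (DNS label, TCP port).
HOST_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
PORT_RE = re.compile(r"[0-9]{1,5}")

def shell_would_interpret(value: str) -> bool:
    """True if the shell would treat part of this field as syntax, not data."""
    return any(ch in SHELL_METACHARS for ch in value)

def validate_host(host: str) -> str:
    """Accept a DNS-style hostname and nothing else."""
    labels = host.split(".")
    if not host or len(host) > 253 or not all(HOST_LABEL_RE.fullmatch(l) for l in labels):
        raise ValueError(f"rejected host field: {host!r}")
    return host

def validate_port(port: str) -> int:
    """Accept a decimal TCP port number and nothing else."""
    if not PORT_RE.fullmatch(port) or not 1 <= int(port) <= 65535:
        raise ValueError(f"rejected port field: {port!r}")
    return int(port)

def build_argv(host: str, port: str) -> list[list[str]]:
    """The narrow 'write' function: validated fields become argv elements, never
    shell text.  Returns the two argv vectors of the pipeline (zrecv, then xwud)."""
    h, p = validate_host(host), validate_port(port)
    return [["zrecv", "-h", h, "-p", str(p), "-s"], ["xwud"]]

def is_accepted(host: str, port: str) -> bool:
    """Convenience predicate: does the narrow interface accept these two fields?"""
    try:
        build_argv(host, port)
        return True
    except ValueError:
        return False

def run_pipeline(argvs: list[list[str]]) -> bytes:
    """Run argv vectors as a pipe with no shell involved (no command string exists)."""
    procs, stdin = [], None
    for argv in argvs:
        procs.append(subprocess.Popen(argv, stdin=stdin, stdout=subprocess.PIPE))
        stdin = procs[-1].stdout
    out, _ = procs[-1].communicate()
    for p in procs[:-1]:
        p.wait()
    return out
```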
