[16795] in bugtraq
Re: SUID wrapper (was Re: (fwd) Re: Format String Attacks)
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri Sep 15 13:30:56 2000
Message-ID: <200009150848.BAA22264@dilvish.speed.net>
Date: Fri, 15 Sep 2000 01:48:19 -0700
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from "Granquist, Lamont" <lamont@ICOPYRIGHT.COM> of "Thu,
14 Sep 2000 16:22:35 PDT."
<Pine.LNX.4.21.0009141620030.17836-100000@enki.corp.icopyright.com>
"Granquist, Lamont" <lamont@ICOPYRIGHT.COM> writes:
> Instead of reinventing the wheel:
>
> http://cegt201.bradley.edu/~im14u2c/wrapper/
>
> That is Joe Zbiciak's suid wrapper which has been around for 3+ years.
I only looked at the source fairly briefly, but it looks like it can only
have one instance of a program with a given basename in its "wrap_profile".
If we're wrapping every system setid program on the machine, there's a quite
decent chance we'll need more than one instance of a given name. For
example, on Solaris 2.6 we need to wrap both /usr/bin/ps and /usr/ucb/ps.
I guess you could compile separate copies of this wrapper for the different
versions of ps, etc., but then you're back to a non-general-purpose wrapper
and you might as well shed a lot of unnecessary code and go with a simple
wrapper that hardcodes the path of the wrapped program.
Another thing is that the latest version of the wrapper generated by my
script eschews calls to functions like perror() and putenv() to be
ultra-safe.
Finally, there's something to be said for a wrapper that's so short you can
very quickly run through it in your mind and see that it does what you
expect. My script itself is not quite that short or simple, but the
wrappers it produces are, and it shows you the generated source code as it
compiles each one, and tells you what it's doing during each step of the
wrapping.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
