[332] in bugtraq
Environment Variables and Strings()
daemon@ATHENA.MIT.EDU (Nathan Lawson)
Sat Dec 3 21:12:43 1994
From: nlawson@statler.csc.calpoly.edu (Nathan Lawson)
To: anthony.baxter@aaii.oz.au
Date: Sat, 3 Dec 1994 16:38:12 -0800 (PST)
Cc: bugtraq@fc.net
In-Reply-To:
> A better solution is to smash the _entire_ environment flat, except for
> specific ones, such as TZ, that can be reasonably assumed to be safe (I
> hope - anyone broken into a system with the TZ variable? :-)
What is the best way to do this? I have seen several different methods and
was interested in the most effective one. This will definitely be a recurring
issue, as the past has shown.
> ObBugDetectingHint: (I thought this to be obvious, but I've mentioned it
> to a few people who hadnt realised it, so may as well send it on)
>
> You can get an idea for whether a program is doing something stupid like a
> system() or popen() with 'strings'. For example, something like
>
> /bin/mail %s
>
> is usually a bit of a giveaway that someone is doing something stupid, and
> you might be able to break it.
I just wanted to add that Ultrix binaries are really helpful in the fact that
'strings' reports which parts of the standard library are used. For example:
wonker% strings /usr/bin/mail | egrep 'system|popen'
(...)
@(#)popen.c
@(#)system.c
> (bonus points if you can spot the program that the above is from :-)
Expreserve (boy what a memory :-)
-Nate
