Bugtraq mailing list archives
Re: Telnet attack on SGI
From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 2 Nov 1995 13:59:59 -0500
Doug Siebert wrote:
| There are two ways I know of to protect against this attack until SGI has a
| patch ready. One would be to write a wrapper that removes "dangerous"
| environment variables. Obviously, figuring out which ones are dangerous is
| the trick! Certainly anything that starts LD_ or _RLD should be removed. But
| there may always be others you don't know about. You'd take your wrapper and

A wrapper should only pass 'trusted' and needed environment variables: TZ, LANG, TERMCAP and the like. It's much easier to figure out what you need than what you shouldn't trust.

Logdaemon is supposedly not affected by this; I suspect that that's because it already empties its environment. Good defensive code, that.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
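The allowlist approach Adam describes, as an added example that is not code from the original post or from SGI: a small wrapper that rebuilds the environment from a fixed list of names the target is known to need and then execs the target with that clean environment, so loader variables such as LD_* and _RLD* are dropped without anyone having to enumerate them. The allowlist (TZ, LANG, TERM, TERMCAP, HOME) and the MAX_ENV limit are assumptions for illustration; trim the list to what the wrapped program actually uses.

```c
/* Added example: allowlist-based environment-scrubbing wrapper.
 * Not from the original post; allowlist contents are an assumption. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_ENV 64   /* assumed capacity for the cleaned environment */

extern char **environ;

/* Names the wrapped program may inherit. Anything not listed here,
 * including LD_* and _RLD* loader variables, is silently dropped. */
static const char *const allowed_names[] = {
    "TZ", "LANG", "TERM", "TERMCAP", "HOME", NULL
};

/* Return 1 if the NAME part of a "NAME=value" entry is on the allowlist,
 * 0 otherwise. Entries without '=' are malformed and are dropped. */
int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t namelen, i;

    if (eq == NULL)
        return 0;
    namelen = (size_t)(eq - entry);
    for (i = 0; allowed_names[i] != NULL; i++) {
        if (strlen(allowed_names[i]) == namelen &&
            strncmp(allowed_names[i], entry, namelen) == 0)
            return 1;
    }
    return 0;
}

/* Copy the allowed entries of `in` into `out`, preserving order and
 * NULL-terminating the result. `cap` is the size of `out` including the
 * terminator. Returns the number of entries kept, or -1 if `out` is too
 * small (the wrapper refuses to run rather than pass a truncated set). */
int build_clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0, i;

    for (i = 0; in[i] != NULL; i++) {
        if (!env_entry_allowed(in[i]))
            continue;
        if (n + 1 >= cap)
            return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char *argv[])
{
    char *clean[MAX_ENV];

    if (argc < 2) {
        fprintf(stderr, "usage: %s /full/path/to/program [args...]\n", argv[0]);
        return 2;
    }
    if (build_clean_env(environ, clean, MAX_ENV) < 0) {
        fprintf(stderr, "%s: environment too large\n", argv[0]);
        return 2;
    }
    /* execve with an explicit path and the cleaned environment: PATH is
     * deliberately not inherited, so the caller cannot redirect the lookup. */
    execve(argv[1], argv + 1, clean);
    perror("execve");
    return 127;
}
```

Because the filter keeps only exact name matches, a variable such as TZX or a malformed entry with no `=` is dropped along with the loader variables; the only way to let something new through is to add its name to the list, which is the property the allowlist approach is meant to give.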