Bugtraq mailing list archives
Re: [linux-security] Re: Possible bufferoverflow condition in
From: casper () holland Sun COM (Casper Dik)
Date: Fri, 16 Aug 1996 17:59:03 +0200
> The problem in mount, aside from the obvious buffer overrun, is that the
> most basic maxim for coding privileged programs was ignored--again. All
> privileged programs should run without those privileges enabled except
> during execution of the critical code that needs them. For example:
>
>     main()
>     {
>         ...                     /* variable decls */
>         seteuid( getuid() );
>         ...                     /* non-privileged code, including sprintf() */
>         seteuid( 0 );
>         mount( ... );
>         seteuid( getuid() );
>         ...                     /* more non-privileged code */
>     }
>
> If mount were written like this, then I seriously doubt that a minor
> bounds-checking goofup could have caused this major security problem.
Sorry, but the latest rdist buffer overflow did happen in code that had both uids set back to the original user. If you can exec a shell from the spamming, how difficult do you think it is to set euid and uid back to zero? No, the safe set-uid programming paradigm saves you from a lot of trouble, but not from buffer overflows.

Casper
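The credential rules behind Casper's point, as an added example that is not part of this thread or of any mount/rdist source: a small C model of the Linux real/effective/saved uid transitions, following the rules in seteuid(2) and setresuid(2). The model assumes CAP_SETUID can be approximated as "effective uid is 0", treats seteuid as setresuid(-1, e, -1) the way glibc does on Linux, and uses uid 1000 as a constructed sample user. It shows that after the quoted seteuid(getuid()) the saved set-user-ID is still 0, so a payload's seteuid(0) simply works; only setresuid(u, u, u) closes that path, and a program that did that could no longer call mount() afterwards, which is why the temporary-drop paradigm cannot be the fix for an overflow.

```c
/* Model of Linux real/effective/saved uid transitions, written to show why
 * seteuid(getuid()) only hides root instead of removing it. Rules follow
 * seteuid(2) and setresuid(2); "privileged" is approximated as euid == 0
 * (CAP_SETUID). Not code from the thread; uid 1000 is a constructed user. */
#include <stdio.h>
#include <sys/types.h>

struct creds { uid_t ruid, euid, suid; };

/* Same meaning as (uid_t)-1 in setresuid(2): leave that id unchanged. */
#define KEEP ((uid_t)-1)

/* True if u is one of the three ids the process currently holds. */
static int has(const struct creds *c, uid_t u) {
    return u == c->ruid || u == c->euid || u == c->suid;
}

/* seteuid(2) as glibc implements it on Linux (setresuid(-1, e, -1)):
 * unprivileged callers may only pick one of the three current ids, and the
 * saved set-user-ID is never touched. Returns 0 or -1 (EPERM). */
int model_seteuid(struct creds *c, uid_t e) {
    if (c->euid != 0 && !has(c, e)) return -1;
    c->euid = e;
    return 0;
}

/* setresuid(2): each id may be kept, or set to one of the current ids
 * (any value if privileged). All three change together or not at all. */
int model_setresuid(struct creds *c, uid_t r, uid_t e, uid_t s) {
    uid_t nr = (r == KEEP) ? c->ruid : r;
    uid_t ne = (e == KEEP) ? c->euid : e;
    uid_t ns = (s == KEEP) ? c->suid : s;
    if (c->euid != 0 && (!has(c, nr) || !has(c, ne) || !has(c, ns))) return -1;
    c->ruid = nr; c->euid = ne; c->suid = ns;
    return 0;
}

/* Credentials a setuid-root binary starts with when 'user' executes it:
 * real uid is the user, effective and saved set-user-ID are 0. */
struct creds exec_setuid_root(uid_t user) {
    struct creds c = { user, 0, 0 };
    return c;
}

/* The pattern from the quoted message: seteuid(getuid()) around the
 * "non-privileged" code, then a payload injected through an overflow there
 * calls seteuid(0). Returns 1 if the payload ends up with euid 0. */
int temporary_drop_then_payload(uid_t user) {
    struct creds c = exec_setuid_root(user);
    if (model_seteuid(&c, c.ruid) != 0) return -1;   /* seteuid(getuid()) */
    /* ... overflow in the supposedly unprivileged code ... */
    return model_seteuid(&c, 0) == 0 && c.euid == 0;
}

/* A drop that actually removes root: all three ids become the real uid.
 * The same payload now gets EPERM. (The program could not mount() later.) */
int permanent_drop_then_payload(uid_t user) {
    struct creds c = exec_setuid_root(user);
    if (model_setresuid(&c, c.ruid, c.ruid, c.ruid) != 0) return -1;
    /* ... overflow in the unprivileged code ... */
    return model_seteuid(&c, 0) == 0 && c.euid == 0;
}

int main(void) {
    printf("seteuid(getuid()) then payload seteuid(0): root regained = %d\n",
           temporary_drop_then_payload(1000));
    printf("setresuid(u,u,u)  then payload seteuid(0): root regained = %d\n",
           permanent_drop_then_payload(1000));
    return 0;
}
```

Run stand-alone it prints 1 for the temporary drop and 0 for the permanent one. The model deliberately omits capabilities, setfsuid and the BSD setreuid(2) variants; on a real system the equivalent check is to read /proc/self/status (the Uid: line lists real, effective, saved and fs uids) after the drop and confirm that the saved uid is no longer 0.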
Current thread:
- Re: [linux-security] Re: Possible bufferoverflow condition in Nick Andrew (Aug 15)
- <Possible follow-ups>
- Re: [linux-security] Re: Possible bufferoverflow condition in Casper Dik (Aug 16)
- Re: [linux-security] Re: Possible bufferoverflow condition in Zygo Blaxell (Aug 21)