Bugtraq mailing list archives

Re: libresolv+ bug


From: brian () saturn net (Brian Mitchell)
Date: Mon, 19 Aug 1996 14:24:35 -0400


On Mon, 19 Aug 1996, Alan Cox wrote:

Reading a restricted file is not that much of a problem as long as you keep
the contents of the files secret, i.e., don't print "root:<pw>:::": parse
error at line 1.  Validate your input (for $TZ and $TERMINFO/$TERMCAP,
validating input is pretty easy, $TZ and $TERM* will only reveal
information if it happens to be in the right format)

In the case of resolv, user resolv files should only be read if they are
accessible as that user. This means going through all the usual mess because
the designers of Unix didn't anticipate the fact that open(...., O_ASRUID)
would have been useful.

Again, we run into the problem of what if the suid program sets its uid
and euid to 0, then the O_ASRUID would still be able to access the shadow
file, and we would be in the same situation.

Brian Mitchell                                          brian () saturn net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
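
The exchange above, as an added example that is not part of the original messages: `O_ASRUID` does not exist, so a set-uid program has to switch its effective ids around `open()` to get the same effect. The helper name `open_as_invoker` is hypothetical, and the sketch assumes the program records the invoking uid/gid at startup and passes them in, which covers the case raised in the reply where the real uid has since been set to 0.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a real libc call): open `path` read-only with the
 * file permissions of the invoking user. `uid`/`gid` must be what getuid() and
 * getgid() returned at the top of main(), before any setuid()/setreuid():
 * once the program has made its real uid 0, getuid() names root, not the
 * invoker. Returns an fd, or -1 with errno set. */
int open_as_invoker(uid_t uid, gid_t gid, const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd = -1, err;

    /* Drop the group first, while the effective uid can still change it. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        err = errno;
        goto restore_gid;
    }

    /* The kernel now applies the invoker's permissions to every path component. */
    fd = open(path, O_RDONLY | O_NOCTTY);
    err = errno;

    /* Regain privilege; if that fails the process state is unknown, so stop. */
    if (seteuid(saved_euid) != 0)
        _exit(111);
restore_gid:
    if (setegid(saved_egid) != 0)
        _exit(111);
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    uid_t invoker_uid = getuid();   /* captured before anything else runs */
    gid_t invoker_gid = getgid();
    const char *path = argc > 1 ? argv[1] : "/dev/null"; /* constructed default */
    int fd = open_as_invoker(invoker_uid, invoker_gid, path);

    if (fd < 0) { perror(path); return 1; }
    close(fd);
    return 0;
}
```

Supplementary groups are left untouched here; a set-uid binary inherits the invoker's, but a program that has called `setgroups()` or `initgroups()` would have to restore them as well. A library that only sees `getuid()` after the program has made it 0 cannot recover the invoker's identity this way.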


