Bugtraq mailing list archives
Re: Format String Attacks
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Thu, 14 Sep 2000 17:03:00 -0700
Drazen Kacar <dave () SRCE HR> writes:
> You can't rely on argv[0], because any program can change that. On Solaris you can use getexecname(3c) to get the name of the executed file.

The man page says that won't always be an absolute path, though:

    Normally this is an absolute pathname, as the majority of commands are executed by the shells who append the command name to the users PATH components. If this is not an absolute path, getcwd(3C) can be prepended to it to create an absolute path.
    [...]
    The getexecname() function obtains the executable pathname from the AT_SUN_EXECNAME aux vector. These vectors are made available to dynamically linked processes only.

> Symlinks will be resolved. I don't know if it's possible to exploit some race condition with it. It would be advisable to limit programs which you execute to the trusted path, such as /usr/bin. Or a path prefix, at least.

On my Solaris 2.6 system, all system setid programs were under /etc or /usr, but that may vary from system to system, of course.

> Some programs (or administrators) will need environment variables, so it would be nice just to remove the unwanted ones.

Yeah, it's definitely major overkill to delete the entire environment. My script only clears the environment variables you specify.

----------------------------------------------------------------------
Dan Harkless                     | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net | do not mention this private email
SpeedGate Communications, Inc.   | address in Usenet posts.  Thank you.
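The checks discussed in this message, as an added C example that is not Dan Harkless's script or any code from the thread: make a possibly relative executable name absolute, accept it only under a trusted prefix, and unset only the listed environment variables. The function names, the `/usr/` and `/etc/` prefix policy and the `EXAMPLE_UNWANTED` variable are assumptions; on Solaris the name passed in would come from getexecname().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy, taken from the directories named in the thread. */
static const char *const trusted_prefixes[] = { "/usr/", "/etc/" };

/* If name is relative, prepend cwd (the man page's advice for a
 * non-absolute getexecname() result). Returns 0, or -1 if out is too small. */
int make_absolute(const char *name, const char *cwd, char *out, size_t outlen)
{
    int n = (name[0] == '/') ? snprintf(out, outlen, "%s", name)
                             : snprintf(out, outlen, "%s/%s", cwd, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* 1 if path is absolute, has no ".." component and lies under a trusted
 * prefix. A pure string check: it does not resolve symlinks itself. */
int path_is_trusted(const char *path)
{
    if (path[0] != '/') return 0;
    for (const char *p = path; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0') return 0;
    for (size_t i = 0; i < sizeof trusted_prefixes / sizeof *trusted_prefixes; i++)
        if (strncmp(path, trusted_prefixes[i], strlen(trusted_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Unset only the listed variables; returns how many were set, -1 on error. */
int scrub_env(const char *const *names, size_t count)
{
    int removed = 0;
    for (size_t i = 0; i < count; i++) {
        if (getenv(names[i]) == NULL) continue;
        if (unsetenv(names[i]) != 0) return -1;
        removed++;
    }
    return removed;
}

int main(void)
{
    char path[4096];
    const char *drop[] = { "EXAMPLE_UNWANTED" };   /* constructed name */
    if (make_absolute("bin/passwd", "/usr", path, sizeof path) != 0) return 1;
    printf("%s trusted=%d scrubbed=%d\n", path, path_is_trusted(path), scrub_env(drop, 1));
    return 0;
}
```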