Bugtraq mailing list archives
Re: Generic wrapper
From: jzbiciak () DALDD SC TI COM (Joe Zbiciak)
Date: Fri, 30 May 1997 17:37:40 -0500
'Jonathan Rozes' said previously: | One caveat: this wrapper will break programs with symbolic links that perform | different functions of the wrapped program (like sendmail, which has links | for mailq and newaliases). This is because the wrapper resets argv[0] to the | name of the wrapper program before executing the wrapped program. You would need to install separate copies of the wrapper in place of these symbolic links. | I commented out the offending line in the wrapper and things work as they | should now. What security implications are there to not resetting argv[0]? Basically, argv[0] is currently completely unchecked. (No check was necessary since I was replacing argv[0].) To merely check/pass along argv[0], you also need to change the for loop near the top of main(). Change as follows: From: for (i=1;i<argc && argv[i]!=0;i++) To: for (i=0;i<argc && argv[i]!=0;i++) The long-term fix would be to have the wrapper extract the basename from argv[0], and look it up in a list of allowed program names. If found, reset argv[0] to just the basename and pass that to the wrapped program. Otherwise, report it as an error/exploit attempt. I could try to add that, if anyone's interested. Regards, --Joe -- +--------------Joseph Zbiciak--------------+ |- - - - jzbiciak () daldd sc ti com - - - - -| | - - http://ee1.bradley.edu/~im14u2c/ - - | Not your average "Joe." |- - - - Texas Instruments, Dallas - - - -| +-------#include <std_disclaimer.h>--------+
Current thread:
- Generic wrapper Joe Zbiciak (May 26)
- <Possible follow-ups>
- Re: Generic wrapper Jonathan Rozes (May 30)
- SECURITY: Vulnerability in libX11 (fwd) Simon Karpen (May 29)
- Re: Generic wrapper Joe Zbiciak (May 30)
- Re: Generic wrapper David Holland (May 30)