Re: Format String Attacks

[Dan Harkless <dan-bugtraq () DILVISH SPEED NET>]

Dan Harkless <dan-bugtraq () DILVISH SPEED NET> writes:
[...]
> #!/usr/local/bin/perl
> #
> # wrap_setid_progs_with_envar_clearer
[...]

I just noticed a problem with my script.  Because it does the find of setid
files live rather than all at the beginning, if there are multiple setid
programs that are hard links to the same inode, only one of them will get
wrapped.  The others will get their privileges "spanked" but without having
a wrapper installed, which may break things.

The only instance of this on our Solaris 2.6 systems I've found so far is
/usr/bin/{uptime,w}, though without any options, at least, w still functions
properly for non-root users even without the setuid root.

I'll fix my script right now to do all the finding and remembering of modes
at the beginning -- you'll be able to find it at:

    http://harkless.org/dan/software/wrap_setid_progs_with_envar_clearer

and I'll post here when it's done.

If you want to run the current version in the meantime, just keep in mind
you might have to manually wrap a shared-inode setid program or two.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.