[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
From: |
Bela Lubkin |
Subject: |
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd) |
Date: |
Thu, 26 Jun 1997 01:36:39 +0000 |
Alex Lyons wrote:
> > > system("/bin/cp file1;/bin/sh; file2") :(
> > > system("exec /bin/cp file1;/bin/sh; file2") :)
> > I believe that the discussion of 'exec' was referring to the family of
> > system calls (execl, execlp, etc), which require the application to parse
> > the command line into the argv array by itself.
>
> I know. That's why I'm suggesting putting "exec" in front of the command
> string passed to system, as a less-hassle alternative: the shell does the
> parsing, but then gets replaced by the first command before it can cause
> any mischief.
This gives nothing more than a false sense of security. If the user can
spoof, they can spoof in ways that your leading "exec " won't help:
system("exec /bin/cp file1`/bin/sh </dev/tty >/dev/tty 2>&1` file2");
>Bela<
PS: I didn't see any response to my comment 2 weeks ago that "the
sequence open-then-chmod tends to open race conditions which can
lead to security holes". Was it received?
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), (continued)
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Jan Hlavacek, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd),
Bela Lubkin <=
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/27