From: Maxwell Lol on 11 Jun 2010 07:12

Wayne <nospan(a)all.invalid> writes:
> That didn't work but you put me on the right track. For Linux, this
> worked:
>
> $ cat bar.c
> #include <sys/types.h>
> #include <unistd.h>
>
> int main ( void )
> {
>     setreuid( geteuid(), geteuid() );
>     return system( "bash bar.sh" );
> }

Don't use system()!!!!
This is trivially hacked.

Example: I can create my own bash executable and change the search path
to point to my bash instead of the system one.

And changing "bash" to "/bin/bash" does not fix the problem. IFS can
be defined to include "/" and I can define a program called "bin" and
do the same thing.

One example of a wrapper program is src/wrapper.c in the majordomo
package. It may not be the best, but it's vastly better than your
code. It uses execve instead of system. It scrubs the environment,
it sets PATH, HOME, etc.

But it's been years since I looked for a wrapper. Better examples
might exist. It's a starting point.
From: Michael Paoli on 11 Jun 2010 08:09

In general, one shouldn't be writing SUID (or SGID) programs or
scripts, or enabling such on binaries which weren't explicitly written
with appropriate security for such.

Even the folks that should well know how to securely write SUID/SGID
programs occasionally make errors on such, often leading to an
exploit.

Those that aren't quite familiar with all the applicable security
implications shouldn't attempt such - failing to heed that is just
asking for trouble.

And why reinvent the wheel ... poorly? Why not use sudo?

On Jun 11, 4:12 am, Maxwell Lol <nospam(a)com.invalid> wrote:
> Wayne <nospan(a)all.invalid> writes:
> > That didn't work but you put me on the right track. For Linux, this
> > worked:
> >
> > $ cat bar.c
> > #include <sys/types.h>
> > #include <unistd.h>
> >
> > int main ( void )
> > {
> >     setreuid( geteuid(), geteuid() );
> >     return system( "bash bar.sh" );
> > }
>
> Don't use system()!!!!
> This is trivially hacked.
>
> Example: I can create my own bash executable and change the search path
> to point to my bash instead of the system one.
>
> And changing "bash" to "/bin/bash" does not fix the problem. IFS can
> be defined to include "/" and I can define a program called "bin" and
> do the same thing.
>
> One example of a wrapper program is src/wrapper.c in the majordomo
> package. It may not be the best, but it's vastly better than your
> code. It uses execve instead of system. It scrubs the environment,
> it sets PATH, HOME, etc.
>
> But it's been years since I looked for a wrapper. Better examples
> might exist. It's a starting point.
From: Wayne on 11 Jun 2010 13:23

On 6/11/2010 8:09 AM, Michael Paoli wrote:
> In general, one shouldn't be writing SUID (or SGID) programs or
> scripts, or enabling such on binaries which weren't explicitly written
> with appropriate security for such.
>
> Even the folks that should well know how to securely write SUID/SGID
> programs occasionally make errors on such, often leading to an
> exploit.
>
> Those that aren't quite familiar with all the applicable security
> implications shouldn't attempt such - failing to heed that is just
> asking for trouble.
>
> And why reinvent the wheel ... poorly? Why not use sudo?
>
> On Jun 11, 4:12 am, Maxwell Lol <nospam(a)com.invalid> wrote:
>> Don't use system()!!!!
>> This is trivially hacked.
>>
>> Example: I can create my own bash executable and change the search path
>> to point to my bash instead of the system one.
>>
>> And changing "bash" to "/bin/bash" does not fix the problem. IFS can
>> be defined to include "/" and I can define a program called "bin" and
>> do the same thing.
>>
>> One example of a wrapper program is src/wrapper.c in the majordomo
>> package. It may not be the best, but it's vastly better than your
>> code. It uses execve instead of system. It scrubs the environment,
>> it sets PATH, HOME, etc.
>>
>> But it's been years since I looked for a wrapper. Better examples
>> might exist. It's a starting point.

Don't worry, I have no intention of using such a wrapper on a real
system. This was just for educational purposes. Your points on
not using system, using absolute paths, and scrubbing the environment
are all well taken.

--
Wayne
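
An added example, not part of any post in this thread and not majordomo's wrapper.c: a minimal C wrapper built on the three points discussed above (execve instead of system(), absolute paths, a fixed environment). The script path, the environment values and the helper names env_lookup and env_is_safe are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SHELL  "/bin/bash"                  /* absolute path, no PATH search */
#define SCRIPT "/usr/local/libexec/bar.sh"  /* hypothetical install path */

/* Fixed environment for the script (values are assumptions). Nothing the
 * caller exported (PATH, IFS, BASH_ENV, LD_PRELOAD, ...) is copied. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin", "IFS= \t\n", "HOME=/", "SHELL=" SHELL, NULL
};

/* Return the value of NAME in an envp-style array, or NULL if absent. */
const char *env_lookup(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (; *envp != NULL; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    return NULL;
}

/* 1 if PATH is set with only absolute entries and IFS contains no '/'. */
int env_is_safe(char *const envp[])
{
    const char *p = env_lookup(envp, "PATH");
    const char *ifs = env_lookup(envp, "IFS");
    if (p == NULL || (ifs != NULL && strchr(ifs, '/') != NULL))
        return 0;
    for (;; p = strchr(p, ':') + 1) {
        if (*p != '/')                  /* empty or relative entry: cwd */
            return 0;
        if (strchr(p, ':') == NULL)
            return 1;
    }
}

int main(void)
{
    char *const argv[] = { SHELL, SCRIPT, NULL };   /* caller's argv unused */
    /* Same IDs as the thread's setreuid() call, group first, all checked. */
    if (setregid(getegid(), getegid()) != 0 ||
        setreuid(geteuid(), geteuid()) != 0 || !env_is_safe(clean_env))
        return 1;
    execve(SHELL, argv, clean_env);     /* no sh -c string, no PATH lookup */
    perror("execve");                   /* reached only if execve failed */
    return 127;
}
```

The script runs with only the four variables in clean_env, whatever the invoking user exported beforehand.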