A security hole
Martien F v Steenbergen
ccement at rivm.UUCP
Tue Mar 8 22:49:17 AEST 1988
In article <181 at wsccs.UUCP>, terry at wsccs.UUCP (terry) writes:
>
> Do NOT write a setuid program that uses getcwd(). The getcwd() call
> does a popen() of the "pwd" shell command and does not check its path. This
> means that someone could write their own pwd and execute the command from
> their directory, thus gaining root access via a sh -c.

First of all, by writing a setuid program you automatically open
the security hole and you are likely to fall in. You must always
be suspicious of any setuid program.

Second, when you really need a setuid program you'll have to check a lot
of permissions etc. yourself. One system call was created to help you with
access permissions: access(2). access(2) uses the real user IDs instead
of the effective user IDs when checking access permissions. (Remember that
a setuid program only changes the effective user ID of the calling process.)

________________________________________________________________
Martien F. van Steenbergen
National Institute of Public Health and Environmental Protection
dept. RIVM/CCE
PO Box 1
3720 BA Bilthoven
The Netherlands
tel: (31) 30 742819
email: ...!mcvax!rivm!martien
___________________________MSDOSN'T_____________________________
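
The access(2) behaviour described in the reply above, as an added C example that is not part of the original post. It goes one step beyond the post: because an access() check followed by a separate open() can be raced, open_as_real_user() (a hypothetical helper name) opens the file with the real IDs temporarily in effect; the default path in main() is a constructed sample.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the REAL uid/gid may read path. This is the question access(2)
 * answers, whatever effective uid a setuid program is running with. */
int real_user_may_read(const char *path)
{
    return access(path, R_OK) == 0;
}

/* Hypothetical helper: open path read-only with the caller's real IDs in
 * effect, so the kernel decides permission on the open itself and there is
 * no gap between check and use. Returns an fd, or -1 on any failure. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd;

    /* Drop the group first: once euid is unprivileged, setegid may fail. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }
    fd = open(path, O_RDONLY);
    /* Restore in reverse order; if that fails, do not hand back the fd. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/passwd"; /* constructed sample */
    int fd = open_as_real_user(path);
    printf("ruid=%d euid=%d access=%d open=%s\n", (int)getuid(),
           (int)geteuid(), real_user_may_read(path), fd >= 0 ? "ok" : "denied");
    if (fd >= 0) close(fd);
    return 0;
}
```

Run from an ordinary account the two IDs are equal and both functions agree; installed setuid, the ruid and euid columns differ and the results reflect the invoking user's rights, not the file owner's.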