unshar business

Jef Poskanzer pokey at well.UUCP
Sat Dec 10 06:59:00 AEST 1988


In the referenced message, Makey at LOGICON.ARPA (Jeff Makey) wrote:
}In article <210 at bridge2.3Com.Com> mbt at bridge2.3Com.com (Brad Turner) writes:
}>I figure this is a pretty safe compromise between prudence and paranoia.
}
}Some people just don't pay attention, do they?
}
}I haven't had a chance to look carefully at Cathy Segedy's C program,
}but there's no question that such an approach is the most efficent (in
}terms of machine resources) and safest method of unsharing map files.

Well, I have looked at Cathy's program, all 93 lines of it, and unless
I'm reading it wrong she wasn't paying much attention either.  Consider
the following somewhat twisted fragment where she gets the output filename
from the shar file:

	    strncpy(file2,&buffer[20],(strlen(&buffer[20]) - 1));
	    printf("opening file {%s}\n",file2);
	    if((fp2 = fopen(file2, "w")) ==  NULL) {

Do you see anything in there to prevent "../../../../etc/passwd"?  I sure
don't.

By the way, uns.c uses a fixed size buffer, only 256 characters long.
I have right here in my home directory a shar file with a 288 character
line.

These are minor nits, easily fixable, but I thought someone ought to
point them out before people start installing uns.c and thinking they
are secure.
---
Jef

             Jef Poskanzer   jef at rtsg.ee.lbl.gov   ...well!pokey
Flon's Law: There is not now, and never will be, a language in which it is the
                  least bit difficult to write bad programs.



More information about the Comp.unix.wizards mailing list