
Re: setuid/setgid binaries contained in the Debian repository.



On Mon, Aug 11, 2003 at 06:13:10PM +0200, Emile van Bergen wrote:
> To make the wrapper unwritable both by the user and the per-game
> uid/gid, make it setuid root

I guess this is called sudo?

>         /* securely obtain /usr/lib/games/`basename $0` */
> 
>         if (!argv[0]) return 2;
>         me = strrchr(argv[0], '/');
>         if (me) me++; else me = argv[0];
>         melen = strlen(me);
>         if (melen < 1 || melen > sizeof(realgame) - 16) return 3;

You need to check for ..

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
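
The basename step with the `..` check added, as an example that is not part of the original messages: `build_game_path`, its return codes and the character allow-list are assumptions made for illustration; only the `/usr/lib/games/` prefix and the length test come from the quoted code.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define GAMES_DIR "/usr/lib/games/"  /* directory from the quoted comment */

/* Hypothetical helper: write GAMES_DIR + basename(argv0) into out.
 * Returns 0 on success, or a nonzero rejection code. */
int build_game_path(const char *argv0, char *out, size_t outlen)
{
    const char *me;
    size_t melen, i;

    if (!argv0) return 2;
    me = strrchr(argv0, '/');
    me = me ? me + 1 : argv0;
    melen = strlen(me);
    /* sizeof(GAMES_DIR) counts the prefix plus the terminating NUL (16). */
    if (melen < 1 || melen + sizeof(GAMES_DIR) > outlen) return 3;

    /* "." and ".." contain no '/', so they pass the basename step and
     * would name GAMES_DIR itself or its parent directory. */
    if (strcmp(me, ".") == 0 || strcmp(me, "..") == 0) return 4;

    /* Assumption, stricter than the thread asks: allow-list the name. */
    for (i = 0; i < melen; i++) {
        unsigned char c = (unsigned char)me[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '+' && c != '.')
            return 5;
    }
    memcpy(out, GAMES_DIR, sizeof(GAMES_DIR) - 1);
    memcpy(out + sizeof(GAMES_DIR) - 1, me, melen + 1);
    return 0;
}

int main(void)
{
    /* Constructed argv[0] values; the caller of exec controls this string. */
    const char *samples[] = { "/usr/games/nethack", "..", "/tmp/..", "a/b/." };
    char realgame[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_game_path(samples[i], realgame, sizeof realgame);
        printf("%-20s -> %s\n", samples[i], rc ? "rejected" : realgame);
    }
    return 0;
}
```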


