Re: Proposal of new group

To: Tomasz Wegrzanowski <maniek@beer.com>
Cc: debian-policy@lists.debian.org
Subject: Re: Proposal of new group
From: Miquel van Smoorenburg <miquels@cistron.nl>
Date: Thu, 14 Oct 1999 14:02:10 +0200
Message-id: <[🔎] 19991014140210.A10007@cistron.nl>
In-reply-to: <[🔎] 19991014140502.B1412@tavaiah>; from Tomasz Wegrzanowski on Thu, Oct 14, 1999 at 02:05:02PM +0200
References: <[🔎] 19991013194951.H217@tavaiah> <[🔎] 7u2ro0$s7h$1@defiant.cistron.net> <[🔎] 19991014005648.A3484@tavaiah> <[🔎] 19991014093611.A16376@cistron.nl> <[🔎] 19991014134322.A1412@tavaiah> <[🔎] 19991014134529.A8624@cistron.nl> <[🔎] 19991014140502.B1412@tavaiah>

According to Tomasz Wegrzanowski:
> > Think of command line arguments, environment variables .. that's
> > all 'user input'
> 
> This (command line arguments, environment variables) is
> what i checked in manpages.

Never ever trust manpages. Read the source.

> But theres nothing about
> such things (i though about these when i said userinput
> such things as additional scripts etc. would be surely
> security holes)

There certainly is. For example, the "warning-message" you can specify
on the command line. Did you check to see if it perhaps is copied into
an internal fixed-size buffer? Which would then easy to overflow?
Poof, root shell.

Also, argument to "-t" is passed unaltered to "init". Perhaps you
can overflow something in init itself that way ?

Now, both of the things I mentioned are secure. I checked the source for
this. But there might be other exploits, or I might have overlooked
something.

Really, *never ever* promote some random program to a setuid program
without auditing the source extensively. That's the only thing I
am trying to get across in this thread.

Mike.
-- 
First things first, but not necessarily in that order.

Reply to:

References:
- Proposal of new group
  - From: Tomasz Wêgrzanowski <maniek@beer.com>
- Re: Proposal of new group
  - From: miquels@cistron.nl (Miquel van Smoorenburg)
- Re: Proposal of new group
  - From: Tomasz Wêgrzanowski <maniek@beer.com>
- Re: Proposal of new group
  - From: Miquel van Smoorenburg <miquels@cistron.nl>
- Re: Proposal of new group
  - From: Tomasz Wegrzanowski <maniek@beer.com>
- Re: Proposal of new group
  - From: Miquel van Smoorenburg <miquels@cistron.nl>
- Re: Proposal of new group
  - From: Tomasz Wegrzanowski <maniek@beer.com>

Prev by Date: Re: Proposal of new group
Next by Date: Bug#47438: copyright statement needs updating?
Previous by thread: Re: Proposal of new group
Next by thread: Re: Proposal of new group
Index(es):
- Date
- Thread