
Re: Possible buffer overflows = security problem?



Hi Frank,

On Fri, 5 Sep 2003, Frank Lichtenheld wrote:

> char path[256];
> sprintf( path, "some string/%s", packagename);
>
> There are no further checks as I can see. I'm not very experienced in C
> programming and don't know much about the details of exploiting buffer
> overflows or the like...
>
> Is such code (away from the fact that it can easily lead to segfaults) a
> security problem?

This depends on the context of the code. Generally speaking:

If the data (packagename, in your case) comes from an insecure source,
e.g. a command line argument or a value otherwise provided by the user, it
may be possible to craft a string that will overflow the stack in such a
way that an embedded piece of assembler code will be executed.

This code will be run with the same privileges that your program has.
Obviously, if the program is run from a normal shell by a normal user, and
it is not SetUID, this would normally not be considered a security issue.
But if the program is SetUID or SetGID, this would allow the attacker to
e.g. start a shell (by calling exec) with those privileges.

Even if the program does not run with SetUID, it can still be a security
risk if it is called from a restricted environment such as CGI programs or
from a restricted shell. The user could then obtain access to a normal
shell with the privileges of the process owner. Many exploits like this
for CGI programs have appeared over time.

Since you never know how people are going to use a program (e.g. call it
from an insecure CGI program or script), it is always safest to do sanity
checking on all user supplied input to a program.

Kind regards,

Thomas
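As an added illustration (not code from the original thread), here is the quoted snippet rewritten with a bounded write plus the input sanity checking Thomas recommends; the "some string/" prefix, the 256-byte buffer, and the rule that a package name must be non-empty and contain no '/' are assumptions for the example:

```c
#include <stdio.h>
#include <string.h>

/* Assumed values standing in for the original post's buffer and prefix. */
#define PATH_PREFIX  "some string/"
#define PATH_BUF_LEN 256

/*
 * Build "<prefix><packagename>" into dst without ever writing past dstsz.
 * Returns 0 on success, -1 if the name is rejected or the result would not fit.
 * Unlike the original sprintf() call, an over-long packagename can no longer
 * overwrite the stack; it is simply refused.
 */
int build_path(char *dst, size_t dstsz, const char *packagename)
{
    if (dst == NULL || dstsz == 0 || packagename == NULL)
        return -1;

    /* Sanity checks on user-supplied input (assumed policy): non-empty and no
     * path separator, so the caller cannot steer the path elsewhere. */
    if (packagename[0] == '\0' || strchr(packagename, '/') != NULL)
        return -1;

    /* snprintf() writes at most dstsz bytes including the terminating NUL and
     * returns the length the full string would have had; a return value
     * >= dstsz therefore means the output was truncated. */
    int needed = snprintf(dst, dstsz, PATH_PREFIX "%s", packagename);
    if (needed < 0 || (size_t)needed >= dstsz) {
        dst[0] = '\0';          /* leave a well-defined empty string */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF_LEN];
    char oversized[300];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short name : %d -> \"%s\"\n", build_path(path, sizeof path, "foo"), path);
    printf("long name  : %d\n", build_path(path, sizeof path, oversized));
    printf("with slash : %d\n", build_path(path, sizeof path, "../etc"));
    return 0;
}
```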


