Re: Generic wrapper

David Holland (dholland@EECS.HARVARD.EDU)
Fri, 30 May 1997 18:40:27 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lista de securitate: "IRC script trojan with Unix based clients"
Previous message: Simon Karpen: "SECURITY: Vulnerability in libX11 (fwd)"
Maybe in reply to: Joe Zbiciak: "Generic wrapper"
Next in thread: Joe Zbiciak: "Re: Generic wrapper"

> One caveat: this wrapper will break programs with symbolic links
> that perform different functions of the wrapped program (like
> sendmail, which has links for mailq and newaliases). This is
> because the wrapper resets argv[0] to the name of the wrapper
> program before executing the wrapped program.

This is because of programs that do things like

execve(argv[0], argv, environ);

when running setuid. (Since argv[0] can be set by the parent process,
it's trivial to set it to /bin/sh and thus get a shell.)

> IRIX users will get nastily bit if they wrap /sbin/df, because /etc/devnm
> (a symlink to df) will produce wierd results, causing the boot sequence to
> fail to create the root device links /dev/root and /dev/rroot, along with
> any tape device links. Your system will still boot normally, but you won't
> have access to your tape drives and the system will claim that the root
> filesystem is not mounted.

Oy. Does this mean that if you ln -s /sbin/df /tmp/devnm and run
/tmp/devnm that it will hose the system?

--
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino

Next message: Lista de securitate: "IRC script trojan with Unix based clients"
Previous message: Simon Karpen: "SECURITY: Vulnerability in libX11 (fwd)"
Maybe in reply to: Joe Zbiciak: "Generic wrapper"
Next in thread: Joe Zbiciak: "Re: Generic wrapper"