[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modperl
Subject:    Re: Launching Apache/mod_perl from setuid script
From:       "Daniel S. Riley" <dsr () MAIL ! LNS ! CORNELL ! EDU>
Date:       1998-03-29 16:00:33
[Download RAW message or body]

modus@PR.ES.TO writes:
> This program is insecure.

You bet--trivially exploitable.  Marc is right, might as well just give
out the root password.

> Anyone who can execute this script can get access to your system as the
> owner of this program (in this case, most likely root).  If you must use a
> wrapper, rather than sudo et al, use snprintf, instead of sprintf.

It locates the server using getenv(), calls system() to start the
server, and you're worrying about sprintf()?  Boggle.
--
Dan Riley                                         dsr@mail.lns.cornell.edu
Wilson Lab, Cornell University      <URL:http://www.lns.cornell.edu/~dsr/>
    "History teaches us that days like this are best spent in bed"

[prev in list] [next in list] [prev in thread] [next in thread]