A security hole
terry
terry at wsccs.UUCP
Tue Feb 23 14:44:07 AEST 1988
Do NOT write a setuid program that uses getcwd(). The getcwd() call
does a popen() of the "pwd" shell command and does not check its path. This
means that someone could write their own pwd and execute the command from
their directory, thus gaining root access via a sh -c.
| Terry Lambert UUCP: ...!decvax!utah-cs!century!terry |
| @ Century Software or : ...utah-cs!uplherc!sp7040!obie!wsccs!terry |
| SLC, Utah |
| These opinions are not my company's, but if you find them |
| useful, send a $20.00 donation to Brisbane Australia... |
| 'There are monkey boys in the facility. Do not be alarmed; you are secure' |
More information about the Comp.bugs.sys5 mailing list