Re: Telnet attack on SGI

adambwh.harvard.edu

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bernd Lehle: "Does the shared lib bug work on any suid program ?"
• Previous message: Todd C. Miller: "Re: Telnet vulnerability: shared libraries"
• In reply to: Douglas Siebert: "Telnet attack on SGI"
• Next in thread: Adrian: "Re: Telnet attack on SGI"

Doug Siebert wrote:

| There are two ways I know of to protect against this attack until SGI has a
| patch ready.  One would be to write a wrapper that removes "dangerous"
| environment variables.  Obviously, figuring out which ones are dangerous is
| the trick!  Certainly anything that starts LD_ or _RLD should be
| removed.  But
| there may always be others you don't know about.  You'd take your wrapper and

        A wrapper should only pass 'trusted' and needed environment
variables.  TZ, LANG, TERMCAP and the like.  Its much easier to figure
out what you need than what you shouldn't trust.

        Logdaemon is supposedly not affected by this; I suspect that
that's because it already empties its environment.  Good defensive
code that.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

• Next message: Bernd Lehle: "Does the shared lib bug work on any suid program ?"
• Previous message: Todd C. Miller: "Re: Telnet vulnerability: shared libraries"
• In reply to: Douglas Siebert: "Telnet attack on SGI"
• Next in thread: Adrian: "Re: Telnet attack on SGI"