OSEC

From: Mariusz Mazur (mariuszisn.pl)
Date: Mon Nov 19 2001 - 11:05:06 CST

    On 2001-11-19 Larry W. Cashdollar wrote the following:

    LWC> I think we are going to find a new era of buffer overflows, not in
    LWC> the daemons themselves but the user utilities that they call. Overflows
    LWC> in non-setuid binaries might be worth cataloging if these binaries are
    LWC> being called by applications that are listening to a socket.

    LWC> This might be a good time to be thinking about what relies on what.

    I remember reading about something similar (if anybody knows something
    more about it I would be happy to refresh my memory). Many admins did a
    |mail from cron and they did it in a way that made it possible for
    attackers to execute commands (mail has/had such a feature). The
    conclusion was that we are using (though I was sure the problem was
    eliminated long ago... guess I'm too young to know better :) programs not
    designed to be secure in ways which require them to be secure (who cares
    if your grep does a segfault? it's not suid!... but remember all those
    maintenance scripts run from cron suid root? every third line does a
    |grep... oops I did it again :).

    -- 
    Mariusz Mazur
    "One Ring to bring them all and in the darkness bind them"
    rem begin  JenniferLopez_Naked.jpg.vbs :)
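
An added example, not part of the original message: one way to start the "what relies on what" inventory discussed above is to list which cron jobs start utilities such as mail or grep, and as which user. The crontab text is constructed, and the names `programs`, `audit` and `WATCHED` are illustrative assumptions.

```python
import os
import re
import shlex

WATCHED = {"mail", "grep"}            # utilities named in the message; extend as needed
OPERATOR_CHARS = set("();<>|&")
REDIRECTS = {"<", ">", ">>", ">&", "<&", "<<"}

# Constructed sample in /etc/crontab format: five time fields, user, command.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
# m h dom mon dow user command
0 3 * * * root /usr/local/sbin/rotate-logs 2>&1 | mail -s "rotate report" admin
*/10 * * * * root grep -c FAILED /var/log/auth.log | mail -s failures admin
15 4 * * * backup /usr/local/bin/backup.sh
30 5 * * * root echo "a | b" > /tmp/marker
"""

def programs(command):
    """Return the program name that starts each stage of a shell command line."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True      # needs Python 3.8+ together with punctuation_chars
    names, at_start = [], True
    for tok in lexer:
        if tok and set(tok) <= OPERATOR_CHARS:
            # |, ||, &&, ; and ( begin a new command; redirections do not.
            # A quoted lone "|" looks the same here, so this over-reports if anything.
            at_start = tok not in REDIRECTS
        elif at_start and "=" not in tok:   # skip VAR=value prefixes
            names.append(os.path.basename(tok))
            at_start = False
    return names

def audit(crontab_text, watched=WATCHED):
    """Return (user, program, command) for every watched program a cron job starts."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue                   # blank line, comment, or environment setting
        schedule_fields = 1 if line.startswith("@") else 5
        fields = line.split(None, schedule_fields + 1)
        if len(fields) < schedule_fields + 2:
            continue                   # malformed entry
        user, command = fields[-2], fields[-1]
        findings += [(user, p, command) for p in programs(command) if p in watched]
    return findings

if __name__ == "__main__":
    for user, prog, command in audit(SAMPLE_CRONTAB):
        print(f"{user:8} {prog:6} {command}")
```

The listing only covers commands written directly in the crontab; scripts that a job calls need the same pass over their own contents.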