Date: Sat, 12 Oct 2002 13:41:23 +0400 From: Solar Designer <solar@...nwall.com> To: "John E. Davis" <davis@...ce.mit.edu> Cc: security-audit@...ret.lmh.ox.ac.uk, xvendor@...ts.openwall.com Subject: slang 1.4.6 Owl patches John, Attached to this message are two patches and RPM spec file from our S-Lang package in Owl (http://www.openwall.com/Owl/) I did a review of the library code for environment variable uses and restricted those which would be unsafe in SUID/SGID programs, in a glibc-specific way. While I think that it's an extremely bad idea to use slang in this way, I also feel that as a distribution providing the library we're somewhat responsible for the consequences of such misuses. Hence the patch. If you choose to make a similar change to the official slang, the references to __secure_getenv() and __libc_enable_secure need to be replaced with similar slang-internal interfaces which would rely on: 1. issetugid(2) where available (*BSD); 2. __libc_enable_secure on glibc; 3. getuid() != geteuid() || getgid() != getegid() first time, cached result afterwards. The third possibilities isn't as secure as the first two because it is possible that the program has started as SUID/SGID and possesses access to a privileged resource (open files, data in address space), but has already relinquished its privileged effective IDs so that's not detected. Oh, by the way, it'd be nice to allow for specifying ELF_CFLAGS without having to patch the configure script. -- /sd View attachment "slang-1.4.6-owl-fixes.diff" of type "text/plain" (7457 bytes) View attachment "slang-1.4.6-owl-tmp.diff" of type "text/plain" (1300 bytes) View attachment "slang.spec" of type "text/plain" (2682 bytes)
Powered by blists - more mailing lists
Please check out the xvendor mailing list charter.