On Friday, May 3, 2002, at 05:48, Tor Hildrum wrote:
> Could someone point me to a page that gives information about all the
> pitfalls that are "available" when running a Perl or CGI script with the
> suid bit set?

there are two important things here

just because you did the

    chmod 4755 file

doesn't mean much until you do the

    chown root:wheel

At which point there is the fun filled and exciting moment that if you have one of those 'bail to shell' buffer overflow attack liabilities - then the person on the outside who has been nailing on your httpd port with their Net::Telnet software - just walked in the front door and took over your system - and is in the process of using it as a basis for a distributed denial of service attack, which may leave you fiscally liable for 'loss of services' and/or other such 'damages' and 'punishments' as the attorney with the deeper pockets may be able to secure in the judgement.

As the software developer - you may be able to limit some of that liability - assuming that your employer considers it worth their time to not merely set you adrift - as they work out how to cut their losses and point that you were simply a disgruntled employee and should be held criminally negligent....

does that help?

in general - since this is a 'text file' that is being 'interpreted' - it is easier to get the hack in and 'wonk it' with the resident text editor than it is to 'reconfigure' a binary code as the number of people who can use text editors - once they have hacked A - are greater than the folks who can do a full on hexdump and figure out where to do the diff patch to swap the compiled binary for a more appropriate piece of pliable code.

If you really need setuid processes - then one of the principal tricks remains to have them 'spawned' from a nice harder to hack piece of compiled 'c' code.

Your Mileage may vary - Void Where Prohibited By Law
Do Not bend, fold, spindle or mutilate.

ciao
drieux