Bugtraq mailing list archives
Environment Variables and Strings()
From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Sat, 3 Dec 1994 16:38:12 -0800 (PST)
A better solution is to smash the _entire_ environment flat, except for specific ones, such as TZ, that can be reasonably assumed to be safe (I hope - anyone broken into a system with the TZ variable? :-)
What is the best way to do this? I have seen several different methods and was interested in the most effective one. This will definitely be a recurring issue, as the past has shown.
ObBugDetectingHint: (I thought this to be obvious, but I've mentioned it to a few people who hadnt realised it, so may as well send it on) You can get an idea for whether a program is doing something stupid like a system() or popen() with 'strings'. For example, something like /bin/mail %s is usually a bit of a giveaway that someone is doing something stupid, and you might be able to break it.
I just wanted to add that Ultrix binaries are really helpful in the fact that 'strings' reports which parts of the standard library are used. For example: wonker% strings /usr/bin/mail | egrep 'system|popen' (...) @(#)popen.c @(#)system.c
(bonus points if you can spot the program that the above is from :-)
Expreserve (boy what a memory :-) -Nate
Current thread:
- Environment Variables and Strings() Nathan Lawson (Dec 03)