Bugtraq mailing list archives

Re: [linux-security] Re: Possible bufferoverflow condition in


From: nick () zeta org au (Nick Andrew)
Date: Fri, 16 Aug 1996 11:14:16 +1000


Forwarding a message from don () paranoia com:
The problem in mount, aside from the obvious buffer overrun, is that the
most basic maxim for coding privileged programs was ignored--again.  All
privileged programs should run without those privileges enabled except
during execution of the critical code that needs them.

For example:

main()
{
  ...  /* variable decls */
  seteuid( getuid() );
  ...  /* non-privileged code, including sprintf() */
  seteuid( 0 );
  [...]

This doesn't aid security in the case of running code from the stack, since
the inserted code can easily do 'seteuid(0)' at any time.

Dropping privileges is useful when one is trying to avoid filesystem races
and it's a cheap way of getting the kernel to do your program's checking
for it. However, any program which can regain root privileges and have
its instruction execution compromised is a path to root for crackers.

"The only thing necessary for the triumph of evil is for good men to do
nothing."  -- Edmund Burke

"My purpose is not to make the world a better place in which to live, but
instead to live in it" -- (paraphrased from) Henry David Thoreau

Nick.
--
Kralizec Dialup Internet System         Data: +61-2-9837-1183, 9837-1868
Zeta Microcomputer Software             Fax: +61-2-9837-3753 Voice: 9837-1397
P.O. Box 177, Riverstone NSW 2765       http://www.kralizec.net.au/


