Bugtraq mailing list archives
Re: Generic wrapper
From: jrozes () GUMBO TCS TUFTS EDU (Jonathan Rozes)
Date: Fri, 30 May 1997 15:38:49 -0400
Look what Joe Zbiciak said on May 26, 10:03pm:
Since there are a plethora of buffer overflows waiting to happen, and since the AUSCERT wrapper isn't sufficient for many people, I'm making my more generic wrapper available to all.
One caveat: this wrapper will break programs with symbolic links that perform different functions of the wrapped program (like sendmail, which has links for mailq and newaliases). This is because the wrapper resets argv[0] to the name of the wrapper program before executing the wrapped program. IRIX users will get nastily bit if they wrap /sbin/df, because /etc/devnm (a symlink to df) will produce wierd results, causing the boot sequence to fail to create the root device links /dev/root and /dev/rroot, along with any tape device links. Your system will still boot normally, but you won't have access to your tape drives and the system will claim that the root filesystem is not mounted. I commented out the offending line in the wrapper and things work as they should now. What security implications are there to not resetting argv[0]? Thanks, jonathan -- +++ Jonathan Rozes, Unix Systems Administrator, Tufts University ++ jrozes () tcs tufts edu, http://rozes.tcs.tufts.edu/ + Remember, there's a difference between kneeling down and bending over --FZ
Current thread:
- Generic wrapper Joe Zbiciak (May 26)
- <Possible follow-ups>
- Re: Generic wrapper Jonathan Rozes (May 30)
- SECURITY: Vulnerability in libX11 (fwd) Simon Karpen (May 29)
- Re: Generic wrapper Joe Zbiciak (May 30)
- Re: Generic wrapper David Holland (May 30)