Bugtraq mailing list archives
Universal Wrapper
From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Tue, 3 Mar 1998 13:17:46 +0100
Hi there ! While I wanted to patch my Xfree, I realized it would be easier to write a wrapper so I wrote a simple one. It only works on arguments passed to the executable, no control is done about environment variables. But its advantage over some other wrappers is that you just have to compile it one and to maintain a reference table which is a small file in /etc. This file is indexed by argv[0] (which could be spoofed so be careful to what you put in!). It contains, for each entry, the name of the real executable, desired EUID and/or EGID, maximum number of args, maximum args length, and a log level which determines 5 possible behaviours: 0 - log nothing, just truncate args. 1 - log only if too long an arg is given 2 - also log if too many args are passed 3 - systematically log any call to the prog 4 - wait a few seconds and quit if any error occurs An other interesting aspect is that it can block during a fixed amount of time before exiting, just to slow down automatic scripts. To make these scripts harder (but not impossible) to use, all signals are ignored during the pause (except of course, SIGKILL/SIGSTOP). It really needs more work, but I won't be there till next week-end, and I wanted to post this now. You could combine it with a message sender I wrote a few months ago, which will pop up a window on you display with immediate information about what's happening on your system. Addresses: SafeLoad (the wrapper): http://www-miaif.lip6.fr/willy/pub/safeload/ Xmsg (message handler/sender): http://www-miaif.lip6.fr/willy/pub/xmsg/ Buffer overflow tests: http://www-miaif.lip6.fr/willy/security/ That's all for the moment. Please tell me if you make significant modifications to the wrapper, or if you find security holes in it, because it's to be suided root, of course, and I hope it won't need itself another wrapper:-) Willy -- +---------------+-------------------------+---------------------------------+ | Willy Tarreau | tarreau () aemiaif lip6 fr | http://www-miaif.lip6.fr/willy/ | | Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97 | +---------------------------------------------------------------------------+
Current thread:
- Re: Screen tmp race temp fix Michal Zalewski (Aug 16)
- Re: Screen tmp race temp fix David Luyer (Aug 19)
- [NTSEC] (It gets worse) NT vulnerable to DOS attack on more than Bob Beck (Jan 25)
- firewall-1: old broadcast address hole? Tom Vandepoel (Apr 24)
- another irix buffer overflow... David Hedley (May 26)
- one last one for this evening... David Hedley (May 26)
- Vulnerability Database Matt Barrie (Jun 22)
- perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- pnserver exploit.. Aleph One (Jan 15)
- Universal Wrapper Willy TARREAU (Mar 03)
- Re: Screen tmp race temp fix Philip Guenther (Aug 19)
- Retraction and apology route () RESENTMENT INFONEXUS COM (Aug 20)
- <Possible follow-ups>
- Screen tmp race temp fix marcelo () FREAK CONECTIVA COM BR (Aug 18)
- Re: Screen tmp race temp fix David Luyer (Aug 19)