[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: daemons



On Mon, 31 Jul 2000, Sharad Joshi wrote:

>> + i make a program differentiate between a normal setuid program (chfn,
>> + passwd ) and a buffer overflow exploit ( pam.sh , sendmail exploit?
> 
	How do u differentite? I think a buffer overflow can happen in
any program, The only problem in suid ones is that it can lead to
execution of something with some other (maybe root) uid. And in my opinion
there is no normal suid program. Only that some are more extensively
tested (due to their old age). Loose code can exist anywhere.
 
> - Dont mark this directory in '$PATH' so that the user has to explicitely
>   name whole path for invoking a prog.
The user can add it!!
> - when a user tries to launch some other thing, not in this list (match
>   the command line, you kill that. You can check gid, egid, too.
	But how does it stop the buffer overflow? Is there any way to find
out whether the code being executed by say sendmail is the one it should?

-- 

#!!!	If anything can go wrong, _FIX_ it. (To hell with MURPHY)
	
						Ajay kumar Dwivedi
						 ajayd@xxxxxxxxxx