Re: How was the majordomo bug found ?

Eric Vyncke (Eric.Vyncke@csl.sni.be)
Fri, 10 Jun 1994 08:44:42 +0200

>(Graham Toal writes:)
>> The correct way to write such programs needs a bit more publicity
>> I suspect.  I'd knock up a 'how to' except that I'm really up to
>> my ankles in alligators at the moment and will be for the next month...
>
>Without getting into the details of how long things were known since that
>gets into flame bait, I'd kind'a like to hear exactly how the hole(s) were
>found to learn better how to set up the appropriate traps to find such things
>as soon as they get used...
>

I think that a vast majority of 'holes' in Unix programs are based on the 
_DANGEROUS_ use of the system() function instead of the _MUCH_MORE_SECURE_ 
fork()/exec() combination.

From the developer's point of view, using system() or even popen() is a 
single obvious line of C code; the fork()/exec() combination needs about a 
dozen lines...

From the patches from Brent Chapman, it seems that majordomo was using 
system() or popen()...

There should indeed be a FAQ about how to write 'secure programs'.

Cheers,

Eric
---
Eric Vyncke,  Project Leader
Siemens Nixdorf - Centre Software de Liege - Belgium
EUnet: vyncke@csl.sni.be Phone: +32-41-201654 Fax: +32-41-201642