- Path: sparky!uunet!gatech!destroyer!cs.ubc.ca!unixg.ubc.ca!kakwa.ucs.ualberta.ca!ersys!alpha3!news
- From: russell@alpha3.ersys.edmonton.ab.ca (Russell Schulz)
- Newsgroups: comp.bbs.waffle
- Subject: Re: UUDECODE security holes
- Message-ID: <930121.092117.2J0.rusnews.w164w@alpha3.ersys.edmonton.ab.ca>
- Date: Thu, 21 Jan 1993 09:21:17 MST
- References: <D73HXB1w165w@vector0.SAC.CA.US>
- Organization: Private System, Edmonton, AB, Canada
- X-Newsreader: rusnews v0.99
- Lines: 40
-
- jon@vector0.SAC.CA.US (Dazed N. Confused) writes:
-
- > Is there a BBS-safe version of uudecode? Do Unix uudecodes
- > do this?
-
- Unix itself checks for file permissions... but under Unix, doesn't
- everything under waffle run under the same userid?
-
- it'd be easy enough to write a sed script that would strip any of
- /\: from a filename and add /user/%A/ onto the front of it, but
- even then you'd have to be careful they didn't write to clock$, say,
- and crash your system.
-
- I posted code (in pascal) in alt.sources a few weeks ago to check
- for device names (con, lpt1.os2, emm$whatever - whatever you've got installed)
- by going through the device chain - that way, you can do the check without
- even opening the filename. so, you could do this:
-
- REM uuscheck returns errorlevel 1 if the `begin ' name is a device;
- REM otherwise it rewrites the name into the user's home directory
- uuscheck filename
- if errorlevel 1 goto illegal
- REM only reached once the name has been checked and fixed up
- uudecode ...
- goto done
- :illegal
- echo ...
- :done
-
- where uuscheck would do the `security' check of the file - if it was
- pointing to a device driver, it'd return with errorlevel 1, otherwise
- it'd fix up the filename on the `begin ' line to be in the user's home
- directory.
-
- > --Jon (thanks to Russ Schulz for pointing this hole out)
-
- who just realized last night a security hole in rusnews - where it reads
- in the `forward' file from the user/foo directory, if you send mail to
- something like `../../waffle/system' and you had a waffle/system file,
- it'd read in the first line - not a _big_ security hole, (nothing like
- the one in v0.9 fixed long, long ago) but one nonetheless.
- --
- Russell Schulz russell@alpha3.ersys.edmonton.ab.ca ersys!rschulz Shad 86c
-
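The two checks this post describes (uuscheck's test of the `begin ' name, and the confinement the rusnews forward-file lookup lacked), as an added Python example rather than the author's Pascal or batch code. It assumes the /user/<name>/ layout from the post and a fixed list of DOS device names; the real uuscheck walked the installed device chain, and IllegalName is a name chosen here.

```python
import posixpath
import re

# Constructed list of DOS device names. The post's uuscheck walked the live
# device chain instead, so site-specific drivers (emm$..., lpt1.os2) were
# caught too; a fixed list is an assumption of this example.
DOS_DEVICES = ({"CON", "PRN", "AUX", "NUL", "CLOCK$"}
               | {f"COM{i}" for i in range(1, 10)}
               | {f"LPT{i}" for i in range(1, 10)})

BEGIN_RE = re.compile(r"^begin\s+([0-7]{3,4})\s+(.+?)\s*$")

class IllegalName(ValueError):
    """Raised where the batch file in the post would jump to :illegal."""

def is_device_name(name):
    # DOS opens "con", "con.txt" and "lpt1.os2" all as the device, so only
    # the stem before the first dot matters, case-insensitively.
    return name.split(".", 1)[0].upper() in DOS_DEVICES

def sanitize_filename(name):
    # Drop everything the post's sed idea would strip: '/', '\' and ':'.
    # Keeping only the last component also defeats ../ traversal.
    base = re.split(r"[/\\:]", name)[-1]
    if base in ("", ".", ".."):
        raise IllegalName(f"empty or dot-only name in {name!r}")
    if is_device_name(base):
        raise IllegalName(f"{base!r} names a device")
    return base

def rewrite_begin_line(line, user):
    """Rebase the `begin' line under /user/<user>/, or raise IllegalName."""
    m = BEGIN_RE.match(line)
    if not m:
        raise IllegalName("not a begin line")
    mode, name = m.groups()
    return f"begin {mode} /user/{user}/{sanitize_filename(name)}"

def user_file_path(user, fname):
    """The rusnews forward-file case: confine a user-supplied name under
    /user/<user>/ and reject anything that normalises outside it."""
    root = posixpath.join("/user", user) + "/"
    full = posixpath.normpath(posixpath.join(root, fname))
    if not full.startswith(root):
        raise IllegalName(f"{fname!r} escapes {root}")
    return full
```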