Path: utzoo!utgpu!water!watmath!clyde!att-cb!att-ih!pacbell!ames!mailrus!umix!uunet!mcvax!rivm!ccement
From: ccement@rivm.UUCP (Martien F v Steenbergen)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Summary: Use access(2).
Message-ID: <722@rivm05.UUCP>
Date: 8 Mar 88 12:49:17 GMT
References: <181@wsccs.UUCP>
Organization: RIVM, Bilthoven, The Netherlands
Lines: 28

In article <181@wsccs.UUCP>, terry@wsccs.UUCP (terry) writes:
>
> Do NOT write a setuid program that uses getcwd(). The getcwd() call
> does a popen() of the "pwd" shell command and does not check its path. This
> means that someone could write their own pwd and execute the command from
> their directory, thus gaining root access via a sh -c.

First of all, by writing a setuid program you automatically open the
security hole and you are likely to fall in. You must always be
suspicious of any setuid program.

Second, when you really need a setuid program you'll have to check
a lot of permissions etc. yourself. One system call was created to
help you with access permissions: access(2). access(2) uses the
real user IDs instead of the effective user IDs when checking
access permissions. (Remember that a setuid program only changes the
effective user ID of the calling process.)

________________________________________________________________
Martien F. van Steenbergen
National Institute of Public Health and Environmental Protection
dept. RIVM/CCE
PO Box 1
3720 BA Bilthoven
The Netherlands

tel: (31) 30 742819
email: ...!mcvax!rivm!martien
___________________________MSDOSN'T_____________________________
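
The access(2) check described in the post above, as an added example that is not part of the original message. It goes one step beyond the post: the access(2) answer can go stale before open(2) runs, so the open is performed with the effective IDs switched to the real ones. The function names real_user_may and open_for_real_user are hypothetical.

```c
/* Added example (not from the original post); helper names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if the real user (the invoker of a setuid program) may access path
 * with mode (R_OK, W_OK, X_OK); access(2) ignores the effective IDs. */
int real_user_may(const char *path, int mode)
{
    return access(path, mode) == 0;
}

/* Open path on behalf of the invoker. The file can change between access(2)
 * and open(2), so the open runs with the effective IDs set to the real ones
 * and the kernel repeats the check. Returns an fd, or -1 with errno set. */
int open_for_real_user(const char *path, int flags)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    int acc = flags & O_ACCMODE;
    int mode = acc == O_RDONLY ? R_OK : acc == O_WRONLY ? W_OK : R_OK | W_OK;
    int fd, saved;

    if (!real_user_may(path, mode))
        return -1;                       /* errno set by access(2) */
    if (setegid(getgid()) != 0)          /* drop group first, then user */
        return -1;
    if (seteuid(getuid()) != 0) {
        if (setegid(egid) != 0) abort(); /* never continue with mixed IDs */
        return -1;
    }
    fd = open(path, flags);              /* checked as the real user */
    saved = errno;
    if (seteuid(euid) != 0 || setegid(egid) != 0)
        abort();                         /* could not restore the setuid IDs */
    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/";   /* constructed default */
    int fd = open_for_real_user(path, O_RDONLY);
    printf("%s: %s\n", path, fd >= 0 ? "opened as real user" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

When the binary is not installed setuid, the real and effective IDs are equal and both steps give the same answer as a plain open(2).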