Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <466@vsi.UUCP>
Date: 31 Mar 88 07:10:42 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <478@minya.UUCP> <892@cosmo.UUCP> <4212@ihlpf.ATT.COM>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 15

In article <4212@ihlpf.ATT.COM>, nevin1@ihlpf.ATT.COM (00704a-Liber) writes:
} In article <544@fig.bbn.com> rsalz@bbn.com (Rich Salz) writes:
} .Every single program that is subject to the "IFS" trick can be
} .protected by writing a wrapper that sets the environment properly,
} .then calls the real program.
}
} But what stops the user from bypassing the wrapper and calling the real
} program directly?

The wrapper is setuid and the "real" program has its special
permissions removed.  If you bypass the wrapper the best you can
do is break your own usercode :-).

-- 
Steve Friedl    V-Systems, Inc.    *Hi Mom*
friedl@vsi.com    {uunet,ihnp4}!vsi.com!friedl    attmail!friedl
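
The wrapper arrangement described in this post, sketched in C as an added example (not code from the original post or its authors). The path in REAL_PROGRAM, the forced PATH and IFS values and the pass-through list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed path: the real program, installed with no setuid/setgid bits. */
#define REAL_PROGRAM "/usr/local/libexec/realprog"

/* Values the wrapper always imposes, whatever the caller exported. */
static const char *const FORCED[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
/* Assumed policy: the only caller variables allowed through. */
static const char *const PASS_THROUGH[] = { "TERM=", "TZ=", NULL };

extern char **environ;

/* Build a sanitized environment in out[] (capacity cap, including the NULL).
 * Returns the entry count, or -1 if out[] is too small. */
int build_clean_env(char *const inherited[], const char *out[], size_t cap)
{
    size_t n = 0, i, j;

    for (i = 0; FORCED[i] != NULL; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = FORCED[i];
    }
    for (i = 0; inherited != NULL && inherited[i] != NULL; i++) {
        for (j = 0; PASS_THROUGH[j] != NULL; j++) {
            if (strncmp(inherited[i], PASS_THROUGH[j], strlen(PASS_THROUGH[j])) != 0)
                continue;
            if (n + 1 >= cap) return -1;
            out[n++] = inherited[i];
            break;
        }
    }
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char *argv[])
{
    const char *env[16];

    (void)argc;
    if (build_clean_env(environ, env, sizeof env / sizeof env[0]) < 0) {
        fputs("wrapper: too many environment entries\n", stderr);
        return 1;
    }
    execve(REAL_PROGRAM, argv, (char *const *)env);  /* keeps the wrapper's euid */
    perror("wrapper: execve");
    return 127;
}
```

Only the wrapper binary carries the setuid bit; invoked directly, the real program runs with the caller's own uid and whatever environment the caller supplied.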