On Thu, 2006-Apr-06 14:49:25 +0400, Sply Splyeff wrote:
>> The biggest problem is its failure to check the sanity of the input
>> parameters - that a particular argument actually exists before
>> referencing it.
>
>Do you mean that evil Bob can substitute Alice's script between stat() and 
>execve() calls?
>Yes, I've missed this point.

Actually Bob can replace the script anytime between the initial statfs() call
in your script and the interpreter opening the script sometime after the
execve() call.  You should be able to get around this by opening the script
first, using fstatfs() and fstat() and passing the script as /dev/fd/N to
the interpreter.

What I was actually referring to was your use of argv[1], argv[2], argv[3]
and argv[4] without checking argc or otherwise validating them.

-- 
Peter Jeremy
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
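
The two points in the message above (open the script first and check the descriptor rather than the path, and validate argc before using argv), sketched in C as an added example; it is not code from the thread or from the wrapper under review. The usage `wrapper <interpreter> <script> [args...]`, the function names, the ownership and write-permission policy, and the exit codes are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

extern char **environ;

/* Open the script once, vet the descriptor (not the path), and build the
 * /dev/fd/N name to hand to the interpreter. Returns the fd, or -1. */
int open_vetted_script(const char *path, uid_t owner, char *fdpath, size_t len)
{
    struct stat st;
    int fd = open(path, O_RDONLY);      /* no O_CLOEXEC: must survive execve */
    if (fd < 0)
        return -1;
    /* fstat() describes the object held open, so a later rename or unlink
     * of `path` cannot change what was checked. The fstatfs(fd, ...)
     * filesystem check would go here, on the same descriptor.
     * Assumed policy: regular file, expected owner, not group/other-writable. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
        snprintf(fdpath, len, "/dev/fd/%d", fd) >= (int)len) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Validate argc before touching argv[1] or argv[2], then exec the
 * interpreter on the already-checked descriptor. */
int run_script(int argc, char **argv, char **envp)
{
    char fdpath[32];
    if (argc < 3 || argv[1] == NULL || argv[2] == NULL)
        return 64;                      /* usage error: arguments missing */
    if (open_vetted_script(argv[2], geteuid(), fdpath, sizeof fdpath) < 0)
        return 77;                      /* script failed the checks */
    argv[2] = fdpath;                   /* interpreter opens /dev/fd/N */
    execve(argv[1], &argv[1], envp);
    return 71;                          /* execve itself failed */
}

int main(int argc, char **argv)
{
    return run_script(argc, argv, environ);
}
```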
