On Wed, 16 Jul 2003 17:20:48 +0100, Nick Cleaton <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 16, 2003 at 04:35:52PM +0100, Andy Wardley wrote:
>> Nick Cleaton wrote:
>> > That passes the environment unaltered to SCRIPT. In combination with
>> > the fact that you're setting the real uid/gid as well as effective,
>> > that could lead to arbitrary command execution via PATH or LD_PRELOAD
>> > or PERL5LIB or some such.
>>
>> Which is why I would always set the environment in the script and/or always
>> use explicit paths to any commands I call.
>
> That won't help if the attacker uses LD_PRELOAD, since they get control
> as the perl process starts up, before it has even read the script.
If the executable is +s, LD_PRELOAD et al will be ignored.

-Dom

-- 
| Semantico: creators of major online resources          |
| URL: http://www.semantico.com/                          |
| Tel: +44 (1273) 722222                                  |
| Address: 33 Bond St., Brighton, Sussex, BN1 1RD, UK.    |
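An added example (not code from the thread or from any of the participants) of the wrapper pattern under discussion, written for Linux/glibc. The loader's "secure-execution" mode, reported by getauxval(AT_SECURE), is what makes ld.so drop LD_PRELOAD and friends; it applies to the process whose executable is setuid. A wrapper that calls setuid(geteuid())/setgid(getegid()) and then execs /usr/bin/perl hands the interpreter a process whose real and effective IDs already match, so the perl child does not run in secure mode and its loader honours whatever LD_PRELOAD the caller supplied. The safe move is therefore to build the environment explicitly before execve, as below. The script path, perl path and the list of stripped variable prefixes are assumptions chosen for illustration.

```c
/* Added example: a setuid wrapper that execs perl with an explicitly
 * constructed environment rather than passing `environ` through.
 * Paths and the prefix list are illustrative assumptions. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>            /* getauxval(AT_SECURE): glibc >= 2.16, musl */
#endif

extern char **environ;

#define PERL   "/usr/bin/perl"                     /* assumed location */
#define SCRIPT "/usr/local/lib/myapp/script.pl"    /* assumed location */

/* Variables read by the dynamic loader, perl, or a shell before any line of
 * the script runs. Anything matching one of these prefixes is dropped. */
static int is_dangerous(const char *kv)
{
    static const char *const prefixes[] = {
        "LD_", "DYLD_", "PERL5", "PERLLIB", "PERLIO", "PATH=",
        "IFS=", "ENV=", "BASH_ENV=", "CDPATH=", NULL
    };
    for (size_t i = 0; prefixes[i]; i++)
        if (strncmp(kv, prefixes[i], strlen(prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Build a fresh NULL-terminated environment: a fixed PATH first, then only
 * the entries of `in` that are not dangerous. Caller frees with free_env(). */
char **build_clean_env(char *const *in)
{
    size_t n = 0;
    while (in[n]) n++;
    char **out = calloc(n + 2, sizeof *out);
    if (!out) return NULL;
    size_t k = 0;
    out[k++] = strdup("PATH=/usr/bin:/bin");
    for (size_t i = 0; i < n; i++)
        if (!is_dangerous(in[i]))
            out[k++] = strdup(in[i]);
    out[k] = NULL;
    return out;
}

void free_env(char **env)
{
    if (!env) return;
    for (size_t i = 0; env[i]; i++) free(env[i]);
    free(env);
}

/* 1 if the loader started this process in secure-execution mode (it was
 * exec'd setuid/setgid with real != effective, so ld.so already ignored
 * LD_PRELOAD outside the trusted directories), 0 otherwise. */
int secure_exec(void)
{
#if defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#else
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

int main(void)
{
    /* Make real == effective so the script cannot be dragged back to the
     * caller's identity. After this the exec'd perl is NOT AT_SECURE, so its
     * loader would honour LD_PRELOAD from our environment: never pass
     * `environ` through, build a clean one instead. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setuid/setgid");
        return 1;
    }
    char **env = build_clean_env(environ);
    if (!env) { perror("calloc"); return 1; }
    char *const argv[] = { PERL, "-T", SCRIPT, NULL };   /* -T: taint mode */
    execve(PERL, argv, env);
    perror("execve");            /* only reached on failure */
    free_env(env);
    return 1;
}
```

Everything the script might later inherit (PATH, PERL5LIB, LD_*) is either pinned or gone before perl's loader runs, which is the window the quoted reply points at; setting the environment inside the script would be too late for that window.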