=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/Attic/porting.html,v retrieving revision 1.11 retrieving revision 1.12 diff -c -r1.11 -r1.12 *** www/Attic/porting.html 1998/08/18 02:49:25 1.11 --- www/Attic/porting.html 1998/08/18 02:53:36 1.12 *************** *** 108,116 **** a valid shell script, a syntax error message would follow, along with the first line of the offending file, without any further permission check. Pretty handy to grab the first line of a shadow passwd file, considering ! these often start with root entry. Once again, don't trust filenames: ! open your file, and do an fstat on the open descriptor to ! check the actual rights.
  • Don't use anything that forks a shell in setuid programs before dropping your privileges. This includes popen and system. --- 108,117 ---- a valid shell script, a syntax error message would follow, along with the first line of the offending file, without any further permission check. Pretty handy to grab the first line of a shadow passwd file, considering ! these often start with root entry. Do not open your file, and then do ! an fstat on the open descriptor to check if you should have ! been able to open it (or the attacked will play with /dev/rst0 and rewind ! your tape) -- open it with the correct uid/gid/grouplist set.
  • Don't use anything that forks a shell in setuid programs before dropping your privileges. This includes popen and system. *************** *** 298,303 ****
    OpenBSD www@openbsd.org !
    $OpenBSD: porting.html,v 1.11 1998/08/18 02:49:25 millert Exp $ --- 299,304 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: porting.html,v 1.12 1998/08/18 02:53:36 deraadt Exp $
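
Review bot: In the first hunk, the added sentence has a typo, "the attacked will play with /dev/rst0" should read "the attacker", and it leaves the reason for the reversal implicit. The removed text told readers to "open your file, and do an fstat on the open descriptor", so it would help to state outright that the open itself can have side effects on a device node (the tape rewind given as the example), which is why a check made after the open comes too late. The closing clause "open it with the correct uid/gid/grouplist set" could also say that this means switching to the invoking user's credentials before the open call, so the kernel performs the permission check and the program does not try to redo it afterwards.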