[NCLUG] Need to write to non-owned file
S Luke Jones
slukejones at gmail.com
Wed May 16 09:06:33 MDT 2007
Benson Chow wrote:
> The long explanation:
>
> [...]
>
> Let me tell you, given a naive implementation of a setuid program
> there are a lot of ways to crack into it and get root. Everywhere
> from buffer overflows to timing attacks, you'll have to ensure every
> single method is blocked, from making sure all buffers are bounded and
> all file writes are atomic (with itself _and_ other programs), TO
> START WITH! There's MUCH more to it than just these two examples!
Back in my 3B1 days (all hail the mighty AT&T UNIX(tm) PC) I used to
have a tool that would construct a command line from ARGV and then do a
"system" call with it. Then I set the suid bit and changed the owner to
root and 'voila!'. I called my tool 'hammer' (like, get a bigger one)
and it did pretty much what 'sudo' does today, only far more
dangerously. (I don't know if 'sudo' had been invented yet back then,
but it wasn't invented here, if you get my meaning.)
Anyway, the point of my question is this: is the suite of problems you
describe intrinsic to the problem, or do they simply mean that library
design hasn't advanced far enough from where it was in the 3B1 or V7
Unix days? I mean, why are there still buffer overflows? Sure, if you
use scanf, but why doesn't scanf cause a compiler warning that tells you
it's deprecated? I don't know the rest of these issues, and you do, but
I wonder why these things can't be handled by bright library-routine
writers and let us poor dumb schlubs muddle along as before?
I used to work with some EE's at a huge computer company known by its
initials, and I was stunned to see that they eschewed the use of
'memcpy' in favor of a for loop and pointers. They said they were tight
on memory and couldn't bring in unnecessary library routines. Their
assumption was that memcpy was just a for loop with some needless bells
and whistles. I shouldn't complain; my job was working in product
engineering to reduce warranty costs, and with that attitude prevalent
there, I knew I had a lifetime employment guarantee. (I could start a
flame war by saying that's what happens when a company lets EE's write
software instead of computer scientists. But I won't.)
But still: why don't people use libraries, and -- assuming there aren't
any that do all the things you have mentioned above -- why don't
libraries do everything that's necessary to solve a problem correctly?
Luke
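The bounded-buffer, atomic file write that Benson's quoted advice calls for, written out as an added example (not code from this thread): it assumes a POSIX system and uses the write-to-temp, fsync, rename pattern, which is one common way to make a replacement atomic with respect to other programs, not necessarily what any poster used.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Atomically replace `path` with `len` bytes of `data`.
 * The bytes go to a temporary file created by mkstemp() in the same
 * directory, are fsync()ed, and the temp file is rename()d over the target.
 * rename() is atomic on POSIX, so any other process sees either the old
 * file or the complete new one, never a half-written file.
 * A setuid helper would additionally validate `path` and fchmod() the temp
 * file to the intended mode (mkstemp creates it 0600); that is left out here.
 * Returns 0 on success, -1 on failure with errno set. */
int atomic_write_file(const char *path, const char *data, size_t len)
{
    char tmp[4096];                /* bounded: longer paths are rejected, not overflowed */
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }

    int fd = mkstemp(tmp);         /* exclusive create with a unique name */
    if (fd < 0) return -1;

    size_t done = 0;
    while (done < len) {           /* write() may be short; loop until every byte lands */
        ssize_t w = write(fd, data + done, len - done);
        if (w < 0) { if (errno == EINTR) continue; goto fail; }
        done += (size_t)w;
    }
    if (fsync(fd) < 0) goto fail;            /* data durable before it becomes visible */
    if (close(fd) < 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) < 0) goto fail;    /* the single atomic step */
    return 0;

fail:
    if (fd >= 0) close(fd);
    unlink(tmp);                   /* never leave a partial temp file behind */
    return -1;
}

/* Read back at most cap-1 bytes of `path` into a bounded, NUL-terminated buffer.
 * Returns the byte count or -1 if the file cannot be opened. */
long read_file_bounded(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';
    fclose(f);
    return (long)n;
}
```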