From: Tom Christiansen
December 4, 1999 10:31
Message ID: 199912041830.LAA18360@jhereg.perl.com
Ok, fine. Let's assume that you have both getpwnam() and getspwnam()
available from a program. If an attacker is going to tickle a Perl
program with a buffer-overrun exploit, he can trivially make *ANY PERL
PROGRAM* call getspwnam(), even those scripts that don't appear to use it.
In fact, although it isn't pretty, I have it on reasonable authority
that a buffer-overrunnable program can, given enough work, be made to
call anything in any shared library that you like.
So, given that the BSD getpwnam behaviour makes no difference when it
comes to buffer overruns, could you please explain some *other* sort
of exploit to which we would now be vulnerable given the current set-up
but which under the painful separate calls, we would not be?
Keep in mind, please, that if the status quo were altered, you
wouldn't just be breaking existing code. You'd be breaking existing code
which had been written to perform some sort of security-minded operation.
I'd say that this rather ups the ante of whether to break things.
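Added example, not from this message or from the perl sources, showing the status-quo behaviour the thread argues over: on builds where Perl consults the shadow database when the caller is privileged, getpwnam() hands back the real hash, and code like check_password() below (a hypothetical helper, with a constructed default user name) is exactly the "security-minded" code that would stop working if that were changed.

```perl
#!/usr/bin/perl
# Added example (not from the original thread). When run with sufficient
# privilege on a system with shadow passwords, Perl's getpwnam() fills in
# the real password hash; unprivileged, it returns the placeholder from
# /etc/passwd. classify_passwd_field() and check_password() are this
# example's own helpers, not part of Perl.
use strict;
use warnings;

# Say what kind of value getpwnam() returned in the password field.
sub classify_passwd_field {
    my ($pw) = @_;
    return 'no entry'    unless defined $pw;
    return 'placeholder' if $pw eq 'x';        # hash lives in the shadow file
    return 'locked'      if $pw =~ /^[*!]/;    # account disabled / no password
    return 'empty'       if $pw eq '';
    return 'hash';                              # crypt(3)-style hash, usable with crypt()
}

# Verify a candidate password against the hash getpwnam() returned.
# Returns undef when no usable hash is available, so a caller can tell
# "wrong password" apart from "could not check at this privilege level".
sub check_password {
    my ($user, $candidate) = @_;
    my $stored = (getpwnam($user))[1];
    return undef unless classify_passwd_field($stored) eq 'hash';
    # crypt() takes the stored hash as its salt, so a match reproduces it exactly.
    return crypt($candidate, $stored) eq $stored ? 1 : 0;
}

# Constructed default; any local account name works as the first argument.
my $user  = defined $ARGV[0] ? $ARGV[0] : 'nobody';
my $field = (getpwnam($user))[1];
printf "%-8s getpwnam() password field: %s (euid %d)\n",
    $user, classify_passwd_field($field), $>;
```

Run it once as an ordinary user and once with privilege to see the same call report 'placeholder' in one case and 'hash' in the other.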