Diary of a geek

April 2005
Mon Tue Wed Thu Fri Sat Sun
       
8
 

Andrew Pollock

Categories

Other people's blogs

Subscribe

RSS feed

Contact me

JavaScript required


Friday, 08 April 2005

There are at least four security flaws in this piece of software

#!/bin/sh
eval ls > $HOME/listing

This is on the cover of a brochure for a "Writing Secure Software" tutorial offered by eSec back in 2001. I kept the brochure because it made me think, and until now, I hadn't been able to find four flaws. I was just doing some cleaning up and I found it again.

So far, I have:

  1. relying on $PATH to provide ls (someone can overload it to cause something else to executed).
  2. trusting the output of the aforementioned ls command and executing it
  3. relying on $HOME to be set to something sane
  4. making an assumption about the current working directory of the script (as this is going to influence what ls returns and is thusly fed to eval)

Well, that is four things, but I'm not sure if that was the four things eSec had in mind. Now I think I will throw it out...

[21:17] [tech/security] [permalink]