Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Further, they should not execute any program whose name does not begin with a slash. In al cases they should check their arguments very carefully. They should not cal any of these dangerous subroutines: execip execvp popen system The last two of these can (as we saw above) can involve execution of extra shels not intended by the programmer. Each cal to any of the above, or ot any other form of exec should be preceded by a setuid(getuid()) if at all possible.

Download link

Further, they should not execute any program whose name does not begin with a slash. In al cases they should check their arguments very carefully. They should not cal any of these dangerous subroutines: execip execvp popen system The last two of these can (as we saw above) can involve execution of extra shels not intended by the programmer. Each cal to any of the above, or ot any other form of exec should be preceded by a setuid(getuid()) if at all possible.
https://media.mstdn.social/media_attachments/files/113/794/849/555/105/152/original/c1cbe61ac02770a7.png

Notices where this attachment appears

Embed this notice
Jan Schaumann (jschauma@mstdn.social)'s status on Thursday, 09-Jan-2025 08:34:10 JST Jan Schaumann

"/bin/sh: the biggest #UNIX security loophole", by James A. Reeds, 1984
https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf
All the tried and true ways to escalate privileges, including your common shell-out of setuid programs, PATH games, etc. with the conclusion we still see people having to learn repeatedly:

In conversation 4 months ago from mstdn.social permalink