From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Jan  3 13:35:24 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA55995;
	Mon, 3 Jan 2000 13:35:24 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from tasogare.imasy.or.jp (mistral@tasogare.imasy.or.jp [202.227.24.5])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA55990
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 3 Jan 2000 13:35:24 +0900 (JST)
	(envelope-from mistral@imasy.or.jp)
Received: from mistral.wind.prv (isdnb58.imasy.or.jp [202.227.24.186])
	by tasogare.imasy.or.jp (8.9.3+3.2W/3.7W-tasogare/smtpfeed 1.01) with ESMTP id NAA24923;
	Mon, 3 Jan 2000 13:35:22 +0900 (JST)
	(envelope-from mistral@imasy.or.jp)
Message-Id: <200001030435.NAA24923@tasogare.imasy.or.jp>
Received: (from yohta@localhost)
	by mistral.wind.prv (8.9.3/3.7Wpl2-990626) id NAA01613;
	Mon, 3 Jan 2000 13:23:22 +0900 (JST)
Date: Mon, 3 Jan 2000 13:23:22 +0900 (JST)
From: mistral@imasy.or.jp (Yoshihiko SARUMARU)
To: mistral@imasy.or.jp
Cc: FreeBSD-users-jp@jp.freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
X-Mailer: mnews [version 1.22] 1999-12/19(Sun)
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-users-jp 48742
Subject: [FreeBSD-users-jp 48742] Re: suid & system(3)
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: mistral@imasy.or.jp

$B!!1n4]$G$9!#(B
  $BC/$b=q$+$J$$$_$?$$$J$N$G!D!D!#(B
  $B4V0c$C$F$?$i;XE&$7$F$/$@$5$$(B

  $B0zMQ$,A08e$7$^$9$,(B:
1999-12-29($B?e(B) 19:18:37.$B:"!"(Bj5306050@cs.gunma-u.ac.jp$B$5$s$O=q$-$^$7$?!#(B

>   1. $BHs(B suid $B%W%m%0%i%`Fb$G!"(Bsystem(3) $B$rMQ$$$F(B suid $B%W%m%0%i%`$r<B9T(B
>   2. suid $B%W%m%0%i%`Fb$G!"(Bsystem(3) $B$rMQ$$$F(B $BHs(B suid $B%W%m%0%i%`$r<B9T(B
> $B$G!"$I$A$i$,(B OK $B$J$N$+(B ($B$"$k$$$O$I$A$i$b%@%a$J$N$+(B)$B!"$J$<(B system(3) $B$r(B
> $B;H$C$F$O$$$1$J$$$N$+$r2r@b$7$F$$$?$@$1$^$;$s$G$7$g$&$+!#(B

  $B$=$b$=$b(B setuid $B$NLdBj0JA0$K!"(Bsystem $B4X?t$O5$7Z$K;H$($^$9$,!"(B
$B%7%0%J%k$H$+La$jCM$H$+%*!<%P%X%C%I$H$+$$$m$$$m$HITJX$J$N$G!"(Bexec 
$B7O%7%9%F%`%3!<%k$r;H$C$?J}$,$$$$$G$9!#AGD>$K(B fork / exec $B$7$^$7$g(B
$B$&!#$=$NJ}$,%W%m%0%i%_%s%0$b3Z$7$$$G$9$h(B :-)


  $B$=$l$r$U$^$($F!"(Bsetuid $B$,$+$i$`>l9g!"$^$:(B 2 $B$G$9$,!"Hs(B suid $B%W(B
$B%m%0%i%`$r<B9T$9$k$N$O9=$$$^$;$s!#$,!"EvA3$=$N>l9g$OFC8"$r<jJ|$7(B
$B$F$$$k>uBV!"$"$k$$$OFC8"$r<hF@$9$kA0$K<B9T$9$k$Y$-$G$9!#(B
  $B$b$7FC8"$r;}$C$?>uBV$G2?$+30It%W%m%0%i%`$r<B9T$9$k$N$G$"$l$P!"(B
system $B$r;H$&$N$O;_$a$?J}$,$$$$$H;W$$$^$9!#$?$H$($PM-L>$J$H$3$m(B
$B$@$H(B PATH $B4D6-JQ?t$H$+!"(B`` $B$H$+!#%N!<%A%'%C%/$G(B shell $B$KEO$7$A$c(B
$B$@$a$h!"$H$$$&$N$O(B CGI $B$r:n$k;~$N;X?K$N$h$&$J7A$G(B CERT Advisory 
$B$K$b:\$C$F$?$O$:$G$9(B ($B$7$+$b(B Revise $B$5$l$F$$$k(B)$B!#(B
  $B$b$A$m$s(B execlp ($B$G$7$?$C$1!)(B) $B$r;H$C$F(B PATH $B4D6-JQ?t$KMj$C$F(B
$B%3%^%s%I8!:w$r$9$k$h$&$J=q$-J}$r$9$k$N$bF1$8$h$&$KBLL\$G$9!#@dBP(B
$B%Q%9$G;XDj$7$J$$$H!#(B

  1 $B$N>l9g$O$I$&$J$s$G$7$g$&!#<B9T$9$k30It%W%m%0%i%`$,$A$c$s$H:n$C(B
$B$F$"$l$P$+$^$o$J$$$s$8$c$J$$$G$7$g$&$+!)(B


> $B!V(BUNIX C $B%W%m%0%i%_%s%0!W$K$O!"$3$l$H$O5U$N>u67$G(B
>    system(3) $B$G(B ($BFC$K(B root $B$X$N(B) suid $B%W%m%0%i%`$r<B9T$7$F$O$$$1$J$$(B
> $B$H=q$$$F$"$C$?$h$&$J5-21$,$"$k$N$G$9$,!";w$?$h$&$JLdBj$,(B
> $B5/$3$k$N$G$7$g$&$+(B?

  146 $B%Z!<%8$K$O!"(B
> set-user-id ($B$H$/$K%9!<%Q!<%f!<%6!<$X$N(B) $B%W%m%0%i%`$O!"$=$N%5(B
> $B%V%W%m%;%9$r<B9T$9$k$?$a$K!"(Bsystem $B$r7h$7$F;HMQ$7$F$O$J$i$J$$(B
$B$H$"$j$^$9$,!"$3$N$3$H$G$7$g$&$+!#$3$l$O(B 2 $B$N>l9g$G$9$h$M!#(B

--
$B1n4](B($B5l@+(B: $BB@ED(B)$BK'I'(B (Yoshihiko SARUMARU)
mail: mistral@imasy.or.jp	web: http://www.imasy.or.jp/~mistral/
