02-22-2003, 12:14 PM   #1
anon
securing SUID0 programs?

I am wondering how it is possible to secure a program using the exec() function that SUID0 world. After playing around with HackersLab for a while I was thinking that doing:

exec("IFS=''; export IFS;/bin/ls");

would do, where /bin/ls is the full path to the program, but can someone not just change PATH to /tmp so that the command 'export' actually executes /bin/bash? Would this work? Or is it possible to lock down a SUID0 world executable script?



/me is wondering this out of curiosity, I know it is better to have other ways than SUID0 scripts, I am just wondering.
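Added example, not part of the original post: one way a set-uid C program can run a fixed command so that the caller's PATH and IFS never matter is to skip the shell and call execve() on an absolute path with a rebuilt environment. The helper names (build_clean_env, run_fixed), the allow-list and the fixed PATH value are assumptions for illustration.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical allow-list: the only variables copied from the caller. */
static const char *const KEEP[] = { "TERM", "LANG", "TZ" };

/* Fill out[] with a fixed PATH and IFS plus allow-listed entries of in[].
 * Caller-supplied PATH, IFS, LD_PRELOAD and everything else are dropped.
 * Returns the number of entries written, or -1 if out[] is too small. */
int build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 3) return -1;
    out[n++] = "PATH=/bin:/usr/bin";
    out[n++] = "IFS= \t\n";
    for (size_t i = 0; in && in[i]; i++) {
        for (size_t k = 0; k < sizeof KEEP / sizeof KEEP[0]; k++) {
            size_t len = strlen(KEEP[k]);
            if (strncmp(in[i], KEEP[k], len) == 0 && in[i][len] == '=') {
                if (n + 1 >= cap) return -1;   /* keep room for NULL */
                out[n++] = in[i];
                break;
            }
        }
    }
    out[n] = NULL;
    return (int)n;
}

/* Run one absolute path directly: no shell parses a command string and
 * nothing is looked up through PATH. Returns the exit status, or -1. */
int run_fixed(const char *path, char *const argv[], char *const envp_in[])
{
    const char *env[16];
    int status;
    if (path[0] != '/' || build_clean_env(envp_in, env, 16) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(path, argv, (char *const *)env); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    extern char **environ;
    char *argv[] = { "ls", NULL };
    return run_fixed("/bin/ls", argv, environ);
}
```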