Universal Wrapper

From: Willy TARREAU (tarreauat_private)
Date: Tue Mar 03 1998 - 04:17:46 PST

  • Next message: Simple Nomad: "NMRC Advisory - GroupWise Buffer Overflow"

    Hi there !
    
    While I wanted to patch my Xfree,
    I realized it would be easier to write a wrapper so I wrote a simple one.
    It only works on arguments passed to the executable, no control is done
    about environment variables. But its advantage over some other wrappers
    is that you just have to compile it one and to maintain a reference table
    which is a small file in /etc. This file is indexed by argv[0] (which could
    be spoofed so be careful to what you put in!). It contains, for each entry,
    the name of the real executable, desired EUID and/or EGID, maximum number of
    args, maximum args length, and a log level which determines 5 possible
    behaviours:
       0 - log nothing, just truncate args.
       1 - log only if too long an arg is given
       2 - also log if too many args are passed
       3 - systematically log any call to the prog
       4 - wait a few seconds and quit if any error occurs
    
    An other interesting aspect is that it can block during a fixed amount of
    time before exiting, just to slow down automatic scripts. To make these
    scripts harder (but not impossible) to use, all signals are ignored during
    the pause (except of course, SIGKILL/SIGSTOP).
    
    It really needs more work, but I won't be there till next week-end, and I
    wanted to post this now. You could combine it with a message sender I wrote
    a few months ago, which will pop up a window on you display with immediate
    information about what's happening on your system.
    
    Addresses:
      SafeLoad (the wrapper):
         http://www-miaif.lip6.fr/willy/pub/safeload/
      Xmsg (message handler/sender):
         http://www-miaif.lip6.fr/willy/pub/xmsg/
      Buffer overflow tests:
         http://www-miaif.lip6.fr/willy/security/
    
    That's all for the moment. Please tell me if you make significant
    modifications to the wrapper, or if you find security holes in it, because
    it's to be suided root, of course, and I hope it won't need itself another
    wrapper  :-)
    
    
    Willy
    
    --
    +---------------+-------------------------+---------------------------------+
    | Willy Tarreau | tarreauat_private | http://www-miaif.lip6.fr/willy/ |
    | Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97   |
    +---------------------------------------------------------------------------+
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:16 PDT