possible security hole

Derek Vokey turfdog@planetturf.ca
Tue, 5 Dec 2000 12:46:16 -0800


There is no telnet access or any other command line access to anyone other
than root on this server. Is there a way to examine the environment of the
shell process strictly through cgi?
----- Original Message -----
From: "Florian Weimer" <Florian.Weimer@RUS.Uni-Stuttgart.DE>
To: <gnupg-users@gnupg.org>
Sent: Tuesday, December 05, 2000 4:31 AM
Subject: Re: possible security hole



> Werner Koch <wk@gnupg.org> writes:
>
> > On Mon, 4 Dec 2000, Derek Vokey wrote:
> >
> > > "echo $sensitiveinfo|gpg --homedir /my/home/dir --always-trust -ear me|mail to\@me.com"
> >
> > I don't know PHP, but I assume that you are using something like
> > system(3) to do this job. The problem is that you might be able to
> > trick the shell into doing evil things by having shell code in
> > $sensitiveinfo.
> >
> > Some possible solutions:
> >
> > * sanitize $sensitiveinfo by removing all characters except for
> > digits, underscore, space and letters :-)
>
> If you do this, other (non-privileged) users on the same machine are
> able to retrieve $sensitiveinfo by examining the environment of the
> shell process.
>
> --
> Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
> University of Stuttgart http://cert.uni-stuttgart.de/
> RUS-CERT +49-711-685-5973/fax +49-711-685-5898
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
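
An added example, not part of the original thread or of GnuPG: one way to drive the command quoted above without a shell, written in Python rather than the poster's PHP. The plaintext reaches the child on stdin only, so no shell parses it and it is absent from the child's argument list and environment; the helper names and the stand-in probe child are assumptions of this example.

```python
import subprocess
import sys

def gpg_encrypt_argv(homedir, recipient):
    """argv for the thread's gpg call (-ear spelled out); no shell parses it."""
    return ["gpg", "--homedir", homedir, "--batch", "--always-trust",
            "-e", "-a", "-r", recipient]

def run_with_stdin(argv, data):
    """Run argv directly (no shell) and hand `data` to it on stdin only."""
    done = subprocess.run(argv, input=data, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, check=True)
    return done.stdout

# Stand-in child, constructed for this example and used instead of gpg so the
# demo runs without a keyring: it reports whether the secret shows up in its
# own argv or environment, then echoes what it read from stdin.
PROBE = (
    "import os, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "text = data.decode()\n"
    "in_argv = any(text in a for a in sys.argv)\n"
    "in_env = any(text in v for v in os.environ.values())\n"
    "sys.stdout.write(f'{in_argv} {in_env} ')\n"
    "sys.stdout.flush()\n"
    "sys.stdout.buffer.write(data)\n"
)

def probe(secret):
    """Return (secret_in_argv, secret_in_env, bytes_the_child_read)."""
    out = run_with_stdin([sys.executable, "-c", PROBE], secret)
    in_argv, in_env, echoed = out.split(b" ", 2)
    return in_argv == b"True", in_env == b"True", echoed

# Constructed sample input containing shell metacharacters.
SAMPLE = b"order 42; $(echo INJECTED) | x\n"

if __name__ == "__main__":
    print(probe(SAMPLE))   # metacharacters arrive as literal bytes
    # With gpg and a keyring present, the real pipeline would be:
    #   armored = run_with_stdin(gpg_encrypt_argv("/my/home/dir", "me"), SAMPLE)
    print(gpg_encrypt_argv("/my/home/dir", "me"))
```

The armored output can be handed to the mail program the same way, as stdin of a second directly executed process.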