possible security hole
Tue, 5 Dec 2000 12:46:16 -0800
There is no telnet access or any other command line access to anyone other
than root on this server. Is there a way to examine the environment of the
shell process strictly through cgi?
----- Original Message -----
From: "Florian Weimer" <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Sent: Tuesday, December 05, 2000 4:31 AM
Subject: Re: possible security hole
> Werner Koch <firstname.lastname@example.org> writes:
> > On Mon, 4 Dec 2000, Derek Vokey wrote:
> > > "echo $sensitiveinfo|gpg --homedir /my/home/dir --always-trust -ear
> > > to\@me.com"
> > I don't know PHP, but I assume that you are using something like
> > system(3) to this job. The problem is that you might be able to
> > trick the shell in doing evil thing by having shell code in
> > $seinsitiveinfo.
> > Some possible solutions:
> > * sanitize $sensitiveinfo by removing all characters except for
> > digits, underscore, space and letters :-)
> If you do this, other (non-privileged) users on the same machine are
> able to retrieve $sensitiveinfo by examining the environment of the
> shell process.
> Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
> University of Stuttgart http://cert.uni-stuttgart.de/
> RUS-CERT +49-711-685-5973/fax +49-711-685-5898
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to email@example.com
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org