Google Chrome
Hal Duston
hald at kc.rr.com
Fri Sep 5 21:36:27 CDT 2008
On Fri, Sep 05, 2008 at 09:29:51PM -0500, Justin Dugger wrote:
> On Fri, Sep 5, 2008 at 8:31 PM, Hal Duston <hald at kc.rr.com> wrote:
> > the environment. All the program is doing is modifying the contents
> > of argv[0] after making provision for the rest of the environment.
>
> I wonder if ps has been evaluated for security. It's old enough that
> surely someone's thought of attacking scripts like that before. I'm
> sure there's a few scripts out there written to run 'ps' as root.
I'm not sure I follow. The application is modifying its own argv[0].
ps is reading /proc/<pid>/cmdline, and displaying it. Where is the
risk? ps already has to be concerned about any indeterminate values
being in /proc/<pid>/cmdline regardless of the fact that some random
process can modify its own argv[0].
Thanks,
--
Hal
More information about the Kclug
mailing list