
Subject: Re: [boost] [Stacktrace] review, please stop discussing non-Stacktrace issues
From: Peter Dimov (lists_at_[hidden])
Date: 2016-12-19 12:04:00


Andrey Semashev wrote:

> Suppose someone placed $HOME/bin/addr2line of the following content:

That's only going to work if $HOME/bin is on the path before /usr/bin, which
seems not very prudent from a security perspective. The user can type
'addr2line' (or anything else in /usr/bin such as 'ls') himself, after all.
Hello root. So it's not that easy.

In general, if the attacker has write access to a directory in $PATH, things
are already not very secure. This also applies to Windows, because $PATH is
searched for DLLs, although it has very low priority, so you need to find a
DLL that the program attempts to load but isn't present in the system
directories.

That said, Stacktrace should probably not use $PATH at all for locating its
helper process. On POSIX, execvp is not async safe anyway, so using
/usr/bin/addr2line directly may be better. And on Windows, the helper would
generally be installed along with the program - it won't be a system utility
such as addr2line. In which case it would be spawned from the directory of
the program using a full path. And if the attacker has write access to the
directory of the program, there are many other things he can do, such as
replacing the program itself, or adding a rogue .DLL there.
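
The approach suggested in the message above (run the helper by full path instead of searching $PATH), sketched as an added example; it is not part of the original message and not Boost.Stacktrace code. The function name `run_helper_abs` and the choice of passing an empty environment to the child are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Boost.Stacktrace code): run a program by absolute
 * path only and copy its stdout into out as a NUL-terminated string.
 * Returns the child's exit status, or -1 on error or a non-absolute path. */
int run_helper_abs(const char *path, char *const argv[], char *out, size_t outlen)
{
    /* Assumption of this example: the child gets an empty environment. */
    static char *const empty_env[] = { NULL };
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (path == NULL || path[0] != '/' || out == NULL || outlen == 0)
        return -1;               /* refuse names that would need a $PATH search */
    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {              /* child: redirect stdout into the pipe */
        close(fds[0]);
        if (fds[1] != STDOUT_FILENO) {
            if (dup2(fds[1], STDOUT_FILENO) < 0) _exit(127);
            close(fds[1]);
        }
        execve(path, argv, empty_env);  /* executes exactly this file, no lookup */
        _exit(127);                     /* only reached if execve failed */
    }
    close(fds[1]);
    while (used + 1 < outlen) {  /* parent: collect output, retry on EINTR */
        n = read(fds[0], out + used, outlen - 1 - used);
        if (n > 0) used += (size_t)n;
        else if (n == 0 || errno != EINTR) break;
    }
    out[used] = '\0';
    close(fds[0]);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char buf[256];
    char *argv[] = { "addr2line", "--version", NULL };
    int rc = run_helper_abs("/usr/bin/addr2line", argv, buf, sizeof buf);
    printf("exit status %d\n%s", rc, buf);
    return rc < 0;
}
```

A bare name such as `addr2line` is rejected before any process is created, so a file of the same name in a writable $PATH directory is never considered.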

