security hole in swais, FYI

Marten Terpstra Marten.Terpstra at ripe.net
Wed Sep 2 08:04:23 UTC 1992


 Jonny Goldman <jonathan at Think.COM> writes:
  *    From: Marten Terpstra <Marten.Terpstra at ripe.net>
  *    Date: Tue, 01 Sep 92 15:46:22 +0200
  * 
  * We've known about this. The solution is to run swais under a chroot, with a
  * very limited bin directory.  This is how swais is run on Quake, and we've
  * had no evidence of any tampering.

The version I have (b4) does not have a chroot in it. Currently we are
running without the mail and pipe options ...
The loss of a pipe option is no problem, the mail option is.

  * I've done this by using a special .cshrc, but I just thought of a way that
  * could be defeated.  Hmmm, I want users to be able to use a limited set of
  * commands.  Perhaps swais needs a "secure" command list.

A secure command list would be very nice, or perhaps like other programs a
simple compile time enable/disable flag for each command. Pagers like "less"
have something along these lines.

Anyway, let us know if something more "safe" comes along.

Cheers,

-Marten
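
A sketch of the two ideas raised in this thread, a "secure" command list and a compile-time enable/disable flag per command, added here as an example; it is not swais code and does not come from either poster. The macro names, table entries, paths and the argument check are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical compile-time switches: build with -DENABLE_MAIL=0 to drop a feature. */
#ifndef ENABLE_MAIL
#define ENABLE_MAIL 1
#endif
#ifndef ENABLE_PIPE
#define ENABLE_PIPE 0   /* pipe compiled out by default in this sketch */
#endif

enum feature { FEAT_MAIL, FEAT_PIPE };
struct allowed { enum feature feat; const char *name; const char *path; };
/* Constructed allowlist: name the user may type -> fixed absolute path to exec. */
static const struct allowed allowlist[] = {
#if ENABLE_MAIL
    { FEAT_MAIL, "mail", "/bin/mail" },
#endif
#if ENABLE_PIPE
    { FEAT_PIPE, "more", "/bin/more" },
#endif
    { FEAT_MAIL, NULL, NULL }   /* sentinel, keeps the array non-empty */
};

/* Whole-string match only, so "mail; sh" is refused; exec the returned path, no shell. */
const char *resolve_command(enum feature feat, const char *input)
{
    if (input == NULL) return NULL;
    for (const struct allowed *a = allowlist; a->name != NULL; a++)
        if (a->feat == feat && strcmp(a->name, input) == 0) return a->path;
    return NULL;
}

/* Argument check (e.g. a mail recipient): non-empty, no leading '-', safe chars only. */
int safe_argument(const char *arg)
{
    if (arg == NULL || arg[0] == '\0' || arg[0] == '-') return 0;
    for (const char *p = arg; *p; p++)
        if (!isalnum((unsigned char)*p) && strchr("@._-+", *p) == NULL) return 0;
    return 1;
}

int main(void)
{
    const char *p = resolve_command(FEAT_MAIL, "mail; sh");
    printf("mail; sh -> %s\n", p ? p : "(refused)");
    return 0;
}
```

The caller would pass the returned path and the validated argument to execv() directly, so no user-supplied text is ever interpreted by a shell.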




