From marcs@draenor.org  Tue Aug 22 00:40:16 2000
Return-Path: <marcs@draenor.org>
Received: from draenor.org (draenor.org [196.36.119.129])
	by hub.freebsd.org (Postfix) with ESMTP id F350337B42C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Aug 2000 00:40:13 -0700 (PDT)
Received: from marcs by draenor.org with local (Exim 3.16 #1)
	id 13R8fU-0005yf-00
	for FreeBSD-gnats-submit@freebsd.org; Tue, 22 Aug 2000 09:40:20 +0200
Message-Id: <E13R8fU-0005yf-00@draenor.org>
Date: Tue, 22 Aug 2000 09:40:20 +0200
From: Marc Silver <marcs@draenor.org>
Reply-To: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: potential problem with /usr/bin/sockstat
X-Send-Pr-Version: 3.2

>Number:         20775
>Category:       bin
>Synopsis:       potential problem with /usr/bin/sockstat
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 22 00:50:02 PDT 2000
>Closed-Date:    Sun Sep 17 13:03:29 PDT 2000
>Last-Modified:  Sun Sep 17 13:03:43 PDT 2000
>Originator:     Marc Silver
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
>Environment:

	This isn't a majorly serious problem, but it has the potential to cause problems if a user's path is incorrect.

>Description:

	/usr/bin/sockstat incorrectly makes a call to 'netstat/fstat' instead of using the full pathname of the binary when calling it.  If a user's path is incorrectly set, this can cause a false binary/script to be run in place of the correct /usr/bin/ commands.

>How-To-Repeat:

	Simply create an executable netstat in your current directory, and change your PATH to that directory.  When you run sockstat it will execute the binary in your current directory.

>Fix:

--- sockstat.old	Tue Aug 22 09:29:21 2000
+++ sockstat	Tue Aug 22 09:38:40 2000
@@ -40,7 +40,7 @@
 $user,   $cmd,    $pid, $fd, $proto,$laddr,               $faddr
 .
 
-open NETSTAT, "netstat -Aan |" or die "'netstat' failed: $!";
+open NETSTAT, "/usr/bin/netstat -Aan |" or die "'netstat' failed: $!";
 <NETSTAT>; <NETSTAT>;
 
 while (<NETSTAT>) {
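
Review bot: on the changed open NETSTAT line the die message still names bare 'netstat' although the command now run is /usr/bin/netstat; put the full path in the message so a failure report names the binary that was actually tried. Consider also assigning a fixed $ENV{PATH} near the top of the script, so that this call, the fstat call and any later additions are covered in one place rather than per call site.
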
@@ -51,7 +51,7 @@
 
 close NETSTAT;
 
-open FSTAT, "fstat |" or die "'fstat' failed: $!\n";
+open FSTAT, "/usr/bin/fstat |" or die "'fstat' failed: $!\n";
 
 while (<FSTAT>) {
     ($user, $cmd, $pid, $fd, $inet, $type, $proto, $sock) = split;
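
Review bot: the close NETSTAT in the context above the changed line discards its return value, and for a piped open the command's exit status is only available at close (in $?), so a netstat that starts and then exits with an error goes unnoticed. Check the result of close NETSTAT, and of the FSTAT close wherever it happens. The changed fstat die string also ends in \n, which suppresses Perl's "at ... line N" suffix, while the netstat one does not; pick one form for both.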

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: ru 
Responsible-Changed-When: Tue Aug 22 01:00:30 PDT 2000 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20775 
State-Changed-From-To: open->feedback 
State-Changed-By: des 
State-Changed-When: Wed Aug 30 02:19:20 PDT 2000 
State-Changed-Why:  
Fixed in -CURRENT, MFC candidate. 

State-Changed-From-To: feedback->closed 
State-Changed-By: des 
State-Changed-When: Sun Sep 17 13:03:29 PDT 2000 
State-Changed-Why:  
MFCed 

>Unformatted:
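
Added example, not part of the original report or of FreeBSD's sockstat: a small Python check that flags two-argument Perl piped opens whose program name is not an absolute path, the pattern this PR describes. The function name and the sample strings are constructed here for illustration; the sample lines are taken from the removed and added lines of the patch in the Fix section, and three-argument opens are out of scope.

```python
import re

# Two-argument open with a quoted second argument, the form used in sockstat:
#   open NETSTAT, "netstat -Aan |" or die ...
OPEN_2ARG = re.compile(
    r'''\bopen\b\s*\(?\s*(?:my\s+)?\$?\w+\s*,\s*(["'])(?P<arg>.*?)\1''')

def bare_command_opens(source):
    """Return [(line_no, program)] for piped opens that rely on a PATH lookup."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip Perl comment lines
            continue
        m = OPEN_2ARG.search(line)
        if not m:
            continue
        arg = m.group("arg").strip()
        if arg.endswith("|"):                  # "cmd |"  read from command
            cmd = arg[:-1]
        elif arg.startswith("|"):              # "| cmd"  write to command
            cmd = arg[1:]
        else:                                  # ordinary file open
            continue
        words = cmd.split()
        if not words or words[0] == "-":       # "-|" / "|-" implicit fork, no exec
            continue
        program = words[0]
        # Anything not starting with "/" (including an interpolated $var,
        # which cannot be resolved statically) is reported for review.
        if not program.startswith("/"):
            findings.append((line_no, program))
    return findings

# Constructed samples: the removed and added lines of the patch in this PR.
BEFORE = r'''open NETSTAT, "netstat -Aan |" or die "'netstat' failed: $!";
close NETSTAT;
open FSTAT, "fstat |" or die "'fstat' failed: $!\n";
'''
AFTER = (BEFORE.replace('"netstat ', '"/usr/bin/netstat ')
               .replace('"fstat ', '"/usr/bin/fstat '))

if __name__ == "__main__":
    print("before:", bare_command_opens(BEFORE))
    print("after: ", bare_command_opens(AFTER))
```
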
