Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_4

Bugtraq archives for 4th quarter (Oct-Dec) 1995: Re: Does the shared lib bug work on any suid program ?

Re: Does the shared lib bug work on any suid program ?

Fred Blonder (fredNASIRC.HQ.NASA.GOV)
Fri, 3 Nov 1995 17:18:10 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Capo: "Re: Does the shared lib bug work on any suid program ?"
Previous message: Scott Barman: "Re: a point is being missed"
In reply to: Bernd Lehle: "Does the shared lib bug work on any suid program ?"
Next in thread: John Capo: "Re: Does the shared lib bug work on any suid program ?"

        From: Bernd Lehle <Bernd.LehleRUS.Uni-Stuttgart.DE>

        after all the fuzz about the telnet/shared lib stuff somebody
        here came up with something that might be even more
        interesting:

        What woul hapen in the following case:

        .

        This game could be played with any suid program, where You know
        what routines it calls.

        Or am I missing something ?

You're missing something.

The dynamic linker won't pay attention to the LD_-whatever environment
variables if a program is set-uid: (real and effective UIDs different).

This is a problem with /bin/login only because it runs as "root"
withOUT being set-uid; real and effective UIDs are the same.

Next message: John Capo: "Re: Does the shared lib bug work on any suid program ?"
Previous message: Scott Barman: "Re: a point is being missed"
In reply to: Bernd Lehle: "Does the shared lib bug work on any suid program ?"
Next in thread: John Capo: "Re: Does the shared lib bug work on any suid program ?"