Bugtraq archives for 4th quarter (Oct-Dec) 1995: Re: Does the shared lib bug work on any suid program ?

Re: Does the shared lib bug work on any suid program ?

der Mouse (mouseCollatz.McRCIM.McGill.EDU)
Fri, 3 Nov 1995 22:24:58 -0500

>> [...dynamic loaders vs setuid programs...]

>> Or am I missing something ?

> FreeBSD does this in ld.so:

>         /* Get user and group identifiers */
>         uid = getuid(); euid = geteuid();
>         gid = getgid(); egid = getegid();
>         careful = (uid != euid) || (gid != egid);
>         if (careful) {
>                 unsetenv("LD_LIBRARY_PATH");
>                 unsetenv("LD_PRELOAD");
>         }

> This works unless the suid program is run with root as the real user
> as is the case for telnetd.

Or the variable exists multiple times in the environment and unsetenv()
isn't careful to get them all.  Didn't we just recently hear about a
loadmodule patch that didn't work because it did something like this
with IFS, only it _didn't_ take care to get all of them?

                                        der Mouse

                            mousecollatz.mcrcim.mcgill.edu
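
The duplicate-variable problem raised in this message, as an added example that is not part of the original post and is not FreeBSD's ld.so code: a first-match-only removal beside one that strips every definition of the name. The helper names (`entry_is`, `env_count`, `unset_first`, `unset_all`, `demo`) and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if entry has the form "<name>=..." (exact name match). */
static int entry_is(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Count definitions of name in a NULL-terminated environment vector. */
int env_count(char **envp, const char *name) {
    int c = 0;
    for (; *envp; envp++) c += entry_is(*envp, name);
    return c;
}

/* Removes only the first definition: the incomplete behaviour. */
void unset_first(char **envp, const char *name) {
    while (*envp && !entry_is(*envp, name)) envp++;
    for (; *envp; envp++) envp[0] = envp[1];  /* shift tail over the match */
}

/* Removes every definition by compacting in place; returns how many. */
int unset_all(char **envp, const char *name) {
    char **dst = envp;
    int removed = 0;
    for (char **src = envp; *src; src++) {
        if (entry_is(*src, name)) removed++;
        else *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

/* Constructed sample environment; returns LD_PRELOAD entries left over. */
int demo(int scrub_all) {
    char *env[] = { "PATH=/bin", "LD_PRELOAD=first.so", "HOME=/",
                    "LD_PRELOAD=second.so", NULL };
    if (scrub_all) unset_all(env, "LD_PRELOAD");
    else unset_first(env, "LD_PRELOAD");
    return env_count(env, "LD_PRELOAD");
}

int main(void) {
    printf("first-only leaves %d, remove-all leaves %d\n", demo(0), demo(1));
    return 0;
}
```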