Re: Does the shared lib bug work on any suid program ?
Casper Dik (casper Holland.Sun.COM)
Wed, 8 Nov 1995 10:20:17 +0100
- In reply to: Gilles Soulet: "Re: Does the shared lib bug work on any suid program ?"
>Testing if (EUID != UID) before using env variables for dynamic
>linking is obviously a good point. But what about testing
>if EUID or UID equal to zero as well ? Indeed, there are
>few situations where you want root to run a program with
>custom library path : root has to be sure about the code it executes.

Too many people install broken software and want to run it as root
(broken == requires LD_LIBRARY_PATH to be set).

So while in theory a good thing, in practice it is not.

And it's also why su, login and sendmail strip dangerous LD_* variables.

>Root trusting "foreign" libraries isn't certainly a good thing, even
>if on some systems, standard dynamic libraries belongs to "bin" in
>vendor's configuration ;-)

Agreed. (Yes, I know Solaris 2.x does that too, so don't complain to me
about it)

Casper
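The two checks discussed in this message, as an added example that is not part of the original post or of any vendor's code: a policy test for when LD_* variables are ignored (EUID != UID, optionally also for root), and an in-place strip of LD_* entries of the kind the message says su, login and sendmail perform. The function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample environment (not from the original message). */
char *sample_env[] = {
    "PATH=/usr/bin:/bin",
    "LD_LIBRARY_PATH=/tmp/lib",
    "HOME=/root",
    "LD_PRELOAD=/tmp/x.so",
    "BUILD_DIR=/src",          /* contains "LD_" but not as a prefix: kept */
    NULL
};

/* Policy check (hypothetical helper). strict_root=0: ignore LD_* only when
 * EUID != UID. strict_root=1: the stricter proposal, also ignore for root. */
int ignore_ld_vars(uid_t uid, uid_t euid, int strict_root)
{
    if (euid != uid)
        return 1;
    return strict_root && uid == 0;
}

/* Remove every LD_* entry from a NULL-terminated environment array,
 * compacting it in place. Returns the number of entries removed. */
size_t strip_ld_vars(char **envp)
{
    size_t kept = 0, removed = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (strncmp(envp[i], "LD_", 3) == 0)
            removed++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return removed;
}

int main(void)
{
    if (ignore_ld_vars(getuid(), geteuid(), 0))
        puts("set-id context: LD_* would be ignored");
    printf("removed %zu LD_* entries\n", strip_ld_vars(sample_env));
    for (char **e = sample_env; *e; e++)
        puts(*e);
    return 0;
}
```

A privileged program would run the strip on its own environment before any exec of a dynamically linked child; with `strict_root` set, root's LD_LIBRARY_PATH is ignored too, which is the case the reply says breaks software in practice.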