[1071] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: RESOLV_HOST_CONF

daemon@ATHENA.MIT.EDU (Joshua Cowan)
Sun Aug 25 20:30:15 1996

Date: Sun, 25 Aug 1996 14:32:03 -0500
From: Joshua Cowan <jcowan@jcowan.reslife.okstate.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.94.960825004049.4817C-100000@newport.thirdwave.net>

>>>>> "REW" == Roger Wolff  <R.E.Wolff@et.tudelft.nl> writes:

    REW> I'd suggest either dropping priviliges before opening the file
    REW> or simply refusing to use the environment variables when euid
    REW> != uid (like the LD_LIBRARY_xx family).

I've done this.  The patch to ld.so 1.8.2 is included below; of course,
it won't help if your `ping', `traceroute', `rsh', etc., are statically
linked....

-- 
Joshua Cowan  <jcowan@hermit.reslife.okstate.edu> _____________________
http://hermit.reslife.okstate.edu/~jcowan/       |  Comp Sci Student
"Very funny, Scotty.  Now beam down my clothes." | OSU - Stillwater, OK
PGP key available from any PGP keyserver or by fingering above address.

diff -ru ld.so-1.8.2.orig/d-link/boot1.c ld.so-1.8.2/d-link/boot1.c
--- ld.so-1.8.2.orig/d-link/boot1.c	Mon Jun 17 21:11:16 1996
+++ ld.so-1.8.2/d-link/boot1.c	Sat Aug 24 07:28:47 1996
@@ -521,6 +521,9 @@
     }
     else
     {
+      /* A temporary hack to patch the resolver library bug.  --JC */
+      _dl_unsetenv ("RESOLV_HOST_CONF", envp);
+
       _dl_unsetenv("LD_PRELOAD", envp);
       _dl_unsetenv("LD_AOUT_PRELOAD", envp);
       _dl_preload = NULL;
diff -ru ld.so-1.8.2.orig/ld-so/ld.so.c ld.so-1.8.2/ld-so/ld.so.c
--- ld.so-1.8.2.orig/ld-so/ld.so.c	Tue May 28 20:05:13 1996
+++ ld.so-1.8.2/ld-so/ld.so.c	Sat Aug 24 07:29:45 1996
@@ -241,6 +241,8 @@
     }
     else
     {
+      unsetenv ("RESOLV_HOST_CONF");
+
       /* sorry, Charlie, I can't let you do that */
       unsetenv("LD_PRELOAD");
       unsetenv("LD_AOUT_PRELOAD");

home help back first fref pref prev next nref lref last post