[475] in linux-security and linux-alert archive
Thread on telnet, $LD_LIBRARY_PATH security problems.
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Wed Nov 8 23:35:43 1995
Date: Wed, 8 Nov 1995 23:17:36 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@tarsier.cv.nrao.edu
There has been quite a flood of list traffic on this thread, as I'm sure
most of you have noticed by now...

In order to try to reduce the traffic volume, I am now no longer going
to approve posts that solely reiterate fun behavioral aspects of ld.so,
strace, telnet, etc., based on such things as setuid and setgid
attributes, as well as posts that only say "I can't duplicate this,"
"I've found this neat trick that I can do with $LD_LIBRARY_PATH," etc.
These subjects are really starting to get beaten to death!

If you find something that truly looks like a new hole or
previously-unmentioned security issue, I'll forward it to the list. But
issues that appear to be solely due to buggy behavior from ld.so,
$LD_LIBRARY_PATH, and the like, should probably be taken to the
linux-gcc@vger.rutgers.edu list, which is concerned with the development
of the compilers, libraries, and the like for Linux.

Many posts that I have received on this issue appear to have been
personal responses to previous posts, with the linux-security list CC:'d
on the message. I won't be approving any more of these either--unless
they really have some interesting information in them that I think the
over 1200 people on the linux-security list would be interested in.

--Up.

P.S. Those that remember the early days of these lists probably remember
the great shadow password thread that went wild, would not die, and
annoyed several people (including some rather prominent ones) to the
point that they unsubscribed from the lists. I'm trying to prevent a
repeat of that now by tightening the moderation criteria in the same way
that I did then.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | jeff.uphoff@linux.org
Charlottesville, VA, USA | http://linux.nrao.edu/~juphoff/