[479] in linux-security and linux-alert archive
Re: telnetd hole
daemon@ATHENA.MIT.EDU (Steve \"Stevers!\" Coile)
Thu Nov 9 11:26:50 1995
Date: Thu, 9 Nov 1995 07:41:11 -0500 (EST)
From: "Steve \"Stevers!\" Coile" <scoile@gmu.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <23472.815746179@kiha>
On Tue, 7 Nov 1995, David Hedley wrote:
> It seems to me that the crux of the problem lies with what the
> LD_LIBRARY_PATH (and others) are supposed to do.
>
> IMHO LD_LIBRARY_PATH should be used only to specify _additional_ libraries,
> over and above those given in /etc/ld.so.conf. In this way it wouldn't
> matter what it was set to as libraries in /lib, /usr/lib etc will always be
> searched first. After all, the only times you wants to _replace_ the
> standard library is when you are either cracking the system, or developing
> a new library.
There's always the possbility that some user may want to use a custom
library because it suits their needs or wants. I'd rather a solution
was developed that allowed that to occur, a solution that preserves as
many freedoms as possible.
The problem, as I understand it, is that the loader will honor the
LD_LIBRARY_PATH value when loading privileged programs. Does anyone
really object to honoring LD_LIBRARY_PATH when loading unprivileged
programs?
My preference would be for the loader to follow this algorithm:
if ( program is privileged && user is not root ) then
ignore LD_LIBRARY_PATH
else
honor LD_LIBRARY_PATH
end if
You could even expand it so that:
if ( program is privileged ) then
if ( program is SUID and program is SGID ) then
if ( ( EUID == program owner's UID )
&& ( EGID == program owner's GID ) ) then
honor LD_LIBRARY_PATH
else
ignore LD_LIBRARY_PATH
fi
else if ( program is SUID ) then
if ( EUID == program owner's UID ) then
honor LD_LIBRARY_PATH
else
ignore LD_LIBRARY_PATH
end if
else
if ( EGID == program owner's GID ) then
honor LD_LIBRARY_PATH
else
ignore LD_LIBRARY_PATH
end if
end if
else
. . .
end if
[Mod: This is the last post regarding how $LD_LIBRARY_PATH et
al. *should* behave that I'm going to forward to linux-security.
Follow-ups on this thread should go to the linux-gcc@vger.rutgers.edu
list, which is also available via a mail-to-news gateway as the
linux.dev.gcc newsgroup (under the linux.* hierarchy, which is now
getting fairly good propagation through the "back channels" of USENET).
If you would like a feed of the linux.* newsgroups to your site, let me
know at juphoff@nrao.edu and I'll try to point you to a nearby site that
carries/feeds it. --Jeff]
