[490] in linux-security and linux-alert archive
telnetd/ld.so security hole.
daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Mon Nov 13 13:51:06 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Nov 1995 10:06:10 -0500
From: Christopher Blizzard <cdblizza@mailbox.syr.edu>
For those of you that this was a concern for, here is
an excerpt from the README for ld.so 1.7.10:
Changes in version 1.7.6:
Fixed a bug in ld-linux.so dealing with a zero-length
LD_{ELF_}PRELOAD.
Changed ld.so and ld-linux.so to truncate all variations
of LD_PRELOAD and LD_LIBRARY_PATH for set[ug]id programs.
--------
-------------------------------------------------------------------------
Christopher Blizzard | "The truth knocks on the door and you say
cdblizza@mailbox.syr.edu| 'Go away. I'm looking for the truth,' and
| so it goes away." --Robert Pirsig
-------------------------------------------------------------------------
