[6103] in Kerberos
Re: Telnet vulnerability--shared library loading
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu Nov 2 07:39:30 1995
Date: Thu, 2 Nov 1995 07:27:36 -0500
To: michal@gortel.phys.ualberta.ca
Cc: kerberos@MIT.EDU
In-Reply-To: <47989s$oaa@pulp.ucs.ualberta.ca>
From: "Richard Basch" <basch@lehman.com>

We added ELF_LD_LIBRARY_PATH and AOUT_LD_LIBRARY_PATH solely because
there was a version of the ld.so that supported those names. When we
discovered it was only a beta version, we had contemplated not bothering
with those two names. The names that are now being used by the current
Linux ld.so are LD_ELF_LIBRARY_PATH and LD_AOUT_LIBRARY_PATH (which
follow the original rule). In addition, your patch will prohibit the
passing of environment variables such as OLD_FOO. I can envision that
there will be several OLD_xxx variable names that should be passed.

Richard Basch
Lehman Brothers, Inc.
(formerly at M.I.T., but still working on Kerberos)

On , 2-November-1995, "Michal Jaegermann" wrote to "kerberos@MIT.EDU" saying:
> Alain Knaff (knaff@ngulu.imag.fr) wrote:
> : Jon Lewis (jlewis@inorganic5.chem.ufl.edu) wrote:
> : : Run the supplied exploit test. My slackware based systems look very much
> : : like they are vulnerable...but probably won't be for long.
>
> I did. New environment was passed via login but after that apparently
> totally disregarded - which left me scratching my head a bit.
>
> : Or grep for Linux in the message. The article explicitly mentions
> : ELF_LD_LIBRARY_PATH and Linux
>
> I applied to my telnetd a patch similar to one shown in an
> original announcement but with
> (NULL == strstr(*cpp, "LD_"))
> instead of
> strncmp(*cpp, "LD_", 3)
> just to guard myself against various possible surprises. :-)
>
> Michal
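
The trade-off discussed in this thread, as an added example that is not code from either poster or from the Kerberos telnetd: the `strncmp` prefix test and the `strstr` substring test are applied to the same environment, next to a third rule that combines the prefix test with exact names. The sample entries, the function names and the shape of the third rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef int (*keep_fn)(const char *entry);

/* Constructed sample environment; entries are "NAME=value" strings as in envp. */
static const char *SAMPLE[] = {
    "TERM=vt100", "LD_LIBRARY_PATH=/opt/lib", "ELF_LD_LIBRARY_PATH=/opt/lib",
    "OLD_FOO=1", "MAILDIR=/home/u/OLD_mail", NULL
};

/* Prefix rule (strncmp form): drop entries whose name starts with "LD_". */
static int keep_prefix(const char *e) { return strncmp(e, "LD_", 3) != 0; }

/* Substring rule (strstr form): drop entries with "LD_" anywhere, value included. */
static int keep_substr(const char *e) { return strstr(e, "LD_") == NULL; }

/* Assumed middle ground: prefix rule plus exact names of the beta ld.so variables. */
static int keep_prefix_plus_names(const char *e) {
    static const char *names[] = { "ELF_LD_LIBRARY_PATH", "AOUT_LD_LIBRARY_PATH" };
    size_t i, n;
    if (!keep_prefix(e)) return 0;
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        n = strlen(names[i]);
        if (strncmp(e, names[i], n) == 0 && e[n] == '=') return 0;
    }
    return 1;
}

/* Scrub a copy of SAMPLE in place with the rule; return 1 if entry is still there. */
static int survives(keep_fn keep, const char *entry) {
    const char *env[sizeof SAMPLE / sizeof SAMPLE[0]];
    const char **src, **dst = env;
    int found = 0;
    memcpy(env, SAMPLE, sizeof SAMPLE);
    for (src = env; *src != NULL; src++)
        if (keep(*src)) *dst++ = *src;      /* compact kept entries to the front */
    *dst = NULL;
    for (src = env; *src != NULL; src++)
        if (strcmp(*src, entry) == 0) found = 1;
    return found;
}

int main(void) {
    size_t i;
    for (i = 0; SAMPLE[i] != NULL; i++)     /* columns: prefix, substr, prefix+names */
        printf("%-30s %d %d %d\n", SAMPLE[i], survives(keep_prefix, SAMPLE[i]),
               survives(keep_substr, SAMPLE[i]), survives(keep_prefix_plus_names, SAMPLE[i]));
    return 0;
}
```

The substring rule also drops `MAILDIR` because `strstr` scans the whole `NAME=value` string, so a value containing `LD_` is enough to match.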