[6110] in Kerberos
Re: Telnet vulnerability--shared library loading
daemon@ATHENA.MIT.EDU (Casper H.S. Dik - Network Security)
Thu Nov 2 11:47:30 1995
To: kerberos@MIT.EDU
Date: 2 Nov 1995 16:05:39 GMT
From: Casper.Dik@Holland.Sun.COM (Casper H.S. Dik - Network Security Engineer)
mkl@rob.cs.tu-bs.de (Mario Klebsch DG1AM) writes:
>This has been a problem before. But I heard they remove the LD_* env
>variables now when a suid root executable is started. Perhaps it
>cannot determine that it is suid root when it is started as root. But
>then, running telnetd as nobody would cure the problem, wouldn't it?
Running telnetd as nobody won't really work, but it would fix the problem.
But, to restate: there's no problem with *any* SunOS release other
than some 2.5 beta versions.
BTW, I'm much more inclined to remove the set-uid bit from login, not
that that would fix this problem, but it would break running telnetd
as nobody for sure.
And yes, the problem with LD_PRELOAD is that set-uid executables run
by the set-uid to user won't recognise being set-uid.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
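
The blind spot described in the message above, as an added C example that is not part of the original post or of any Sun code. It assumes the linker decides "am I set-uid?" by comparing real and effective IDs, which is the classic heuristic; the function names, the sample environment and the `scrub_ld_vars` mitigation for a privileged parent are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumed heuristic: a process counts as set-uid/set-gid only when its
 * real and effective IDs differ. */
static int looks_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Would a linker relying on that heuristic honour LD_* variables? */
static int linker_honours_ld_vars(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return !looks_setid(ruid, euid, rgid, egid);
}

/* Defensive scrub for a privileged parent (hypothetical helper): drop every
 * LD_* entry from a NULL-terminated envp in place before exec'ing a child.
 * Returns the number of entries removed. */
static int scrub_ld_vars(char **envp)
{
    char **in, **out = envp;
    int removed = 0;

    for (in = envp; *in != NULL; in++) {
        if (strncmp(*in, "LD_", 3) == 0)
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, not taken from the post. */
    char *env[] = { "TERM=vt100", "LD_PRELOAD=/constructed/example.so",
                    "DISPLAY=:0", "LD_LIBRARY_PATH=/constructed", NULL };
    int n;

    /* Ordinary user starts a set-uid root binary: IDs differ, LD_* ignored. */
    printf("uid 1000 -> euid 0: honoured=%d\n", linker_honours_ld_vars(1000, 0, 100, 100));
    /* Root starts the same binary: IDs match, so LD_* is honoured. */
    printf("uid 0    -> euid 0: honoured=%d\n", linker_honours_ld_vars(0, 0, 0, 0));
    n = scrub_ld_vars(env);
    printf("removed %d LD_* entries, first kept: %s\n", n, env[0]);
    return 0;
}
```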