[16910] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

ld.so bug - LD_DEBUG_OUTPUT follows symlinks

daemon@ATHENA.MIT.EDU (Jakub Vlasek)
Tue Sep 26 02:02:46 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10009260121020.8586-100000@kronos>
Date:         Tue, 26 Sep 2000 02:11:12 +0200
Reply-To: Jakub Vlasek <jv@PILSEDU.CZ>
From: Jakub Vlasek <jv@PILSEDU.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,
   ld.so from glibc2 doesn't unset variables LD_DEBUG_OUTPUT and LD_DEBUG
when running suid. If program calls setuid(0) and then fork(), child
process will follow prepared symlink ($LD_DEBUG_OUTPUT.$pid) and
overwrites any file in system.

Jakub Vlasek


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16910] in bugtraq

ld.so bug - LD_DEBUG_OUTPUT follows symlinks

daemon@ATHENA.MIT.EDU (Jakub Vlasek)Tue Sep 26 02:02:46 2000

daemon@ATHENA.MIT.EDU (Jakub Vlasek)
Tue Sep 26 02:02:46 2000