[2351] in bugtraq
Re: Does the shared lib bug work on any suid program ?
daemon@ATHENA.MIT.EDU (Fred Blonder)
Fri Nov 3 21:22:25 1995
Date: Fri, 3 Nov 1995 17:18:10 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Fred Blonder <fred@NASIRC.HQ.NASA.GOV>
X-To: Bernd Lehle <Bernd.Lehle@rus.uni-stuttgart.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Fri, 03 Nov 1995 14:07:56 +0100."
<199511031307.OAA00824@visbl.rus.uni-stuttgart.de>
From: Bernd Lehle <Bernd.Lehle@RUS.Uni-Stuttgart.DE>
after all the fuzz about the telnet/shared lib stuff somebody
here came up with something that might be even more
interesting:
What woul hapen in the following case:
.
This game could be played with any suid program, where You know
what routines it calls.
Or am I missing something ?
You're missing something.
The dynamic linker won't pay attention to the LD_-whatever environment
variables if a program is set-uid: (real and effective UIDs different).
This is a problem with /bin/login only because it runs as "root"
withOUT being set-uid; real and effective UIDs are the same.
