[2374] in bugtraq


Re: Does the shared lib bug work on any suid program ?

daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Nov 9 00:46:37 1995

Date:         Wed, 8 Nov 1995 10:20:17 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Casper Dik <casper@Holland.Sun.COM>
X-To:         Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  Your message of "Mon, 06 Nov 1995 10:45:57 +0100."
              <199511060945.KAA00352@imhotep.cst.cnes.fr>

>Testing if (EUID != UID) before using env variables for dynamic
>linking is obviously a good point. But what about testing
>if EUID or UID is equal to zero as well? Indeed, there are
>few situations where you want root to run a program with
>a custom library path: root has to be sure about the code it executes.

Too many people install broken software and want to run it
as root (broken == requires LD_LIBRARY_PATH to be set).

So while in theory a good thing, in practice it is not.

And it's also why su, login and sendmail strip dangerous LD_* variables.

>Root trusting "foreign" libraries certainly isn't a good thing, even
>if on some systems, standard dynamic libraries belong to "bin" in
>the vendor's configuration ;-)

Agreed.  (Yes, I know Solaris 2.x does that too, so don't complain
to me about it)

Casper
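
Added example, not part of the original message and not any vendor's code: the EUID != UID test and the LD_* stripping discussed above, written out in C. The names ids_differ, strip_ld_vars and sample_env are constructed for illustration, and treating every LD_* name as dangerous is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* The linker-side test from the thread: real and effective IDs differ. */
static int ids_differ(uid_t uid, uid_t euid)
{
    return uid != euid;
}

/* Drop every "LD_*" entry from a NULL-terminated environment vector in
 * place (assumption: all LD_* names count as dangerous). Returns the
 * number of entries removed. */
static int strip_ld_vars(char **envp)
{
    char **src, **dst;
    int removed = 0;

    for (src = dst = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;      /* LD_LIBRARY_PATH, LD_PRELOAD, ... */
        else
            *dst++ = *src;  /* keep the rest, order preserved */
    }
    *dst = NULL;
    return removed;
}

/* Constructed sample environment, not taken from the page. */
static char *sample_env[] = {
    "HOME=/home/user", "LD_LIBRARY_PATH=/tmp/lib", "PATH=/usr/bin:/bin",
    "LD_PRELOAD=/tmp/x.so", "OLD_LD_=kept", NULL
};

int main(void)
{
    char **e;

    /* root running an ordinary program: UID == EUID == 0, so the ID test
     * stays quiet and only explicit stripping removes the variables. */
    printf("IDs differ for root: %d\n", ids_differ(0, 0));
    printf("removed %d LD_* entries\n", strip_ld_vars(sample_env));
    for (e = sample_env; *e != NULL; e++)
        puts(*e);
    return 0;
}
```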
