[334] in bugtraq
Re: /dev/tcp, and a LD_LIBRARY_PATH question.
daemon@ATHENA.MIT.EDU (Robert M. Haas)
Sat Dec 3 23:57:14 1994
To: anthony.baxter@aaii.oz.au
Cc: "That Whispering Wolf..." <elfchief@lupine.org>, bugtraq@fc.net
In-Reply-To: Your message of "Sun, 04 Dec 1994 01:10:46 +1100."
<199412031410.BAA11344@alamein>
Date: Sat, 03 Dec 1994 18:42:21 -0800
From: "Robert M. Haas" <rhaas@cygnus.arc.nasa.gov>
> A better solution is to smash the _entire_ environment flat, except for
> specific ones, such as TZ, that can be reasonably assumed to be safe (I
> hope - anyone broken into a system with the TZ variable? :-)
I'm not even sure this is sufficient. This only works if LD_LIBRARY_PATH
is not consulted until after you squash the environment. Is this true?
(If not, you'd have to write a statically linked program to squash the
environment and then exec() the real executable...)
...Robert
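
The wrapper the reply describes, sketched in C as an added example (not code from this thread): it rebuilds the environment from an allowlist holding only TZ, then execve()s the real program. `REAL_PROGRAM` is a placeholder path, and the wrapper is assumed to be linked statically (for example with `cc -static`) so that no dynamic loader reads LD_LIBRARY_PATH before `main()` runs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Placeholder path for the real executable (assumption, not from the post). */
#define REAL_PROGRAM "/usr/local/libexec/real-program"
/* Allowlist: TZ is the only variable the quoted message proposes keeping. */
static const char *const ALLOWED[] = { "TZ", NULL };
extern char **environ;

/* True when entry is "NAME=value" and NAME is exactly on the allowlist. */
static int is_allowed(const char *entry)
{
    size_t n = strcspn(entry, "=");
    if (entry[n] != '=')
        return 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Return a new NULL-terminated environment with only allowlisted entries.
   The first occurrence of a name wins, so a later duplicate cannot shadow it. */
char **clean_environment(char *const envp[])
{
    size_t count = 0, kept = 0;
    while (envp != NULL && envp[count] != NULL)
        count++;
    char **out = calloc(count + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = strcspn(envp[i], "="), j;
        if (!is_allowed(envp[i]))
            continue;
        /* Compare "NAME=" (n + 1 bytes) against entries already kept. */
        for (j = 0; j < kept && strncmp(out[j], envp[i], n + 1) != 0; j++)
            ;
        if (j == kept)
            out[kept++] = envp[i];
    }
    return out;
}

int main(int argc, char *argv[])
{
    char **clean = clean_environment(environ);
    if (clean != NULL)
        execve(REAL_PROGRAM, argv, clean);   /* returns only on failure */
    perror("clean-exec");
    return argc > 0 ? 111 : 112;
}
```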