[389] in bugtraq
Re: /dev/tcp, and a LD_LIBRARY_PATH question.
daemon@ATHENA.MIT.EDU (Todd C. Miller)
Tue Dec 6 16:54:16 1994
To: Bonfield James <jkb@mrc-lmb.cam.ac.uk>
Reply-To: Todd.Miller@cs.colorado.edu
Cc: Doug.Hughes@eng.auburn.edu, bugtraq@fc.net
In-Reply-To: Your message of "Tue, 06 Dec 1994 08:51:17 +0700."
<9412060851.AA27261@al.mrc-lmb.cam.ac.uk>
Date: Tue, 06 Dec 1994 11:44:42 -0700
From: "Todd C. Miller" <Todd.Miller@cs.colorado.edu>
In message <9412060851.AA27261@al.mrc-lmb.cam.ac.uk>
so spake Bonfield James (jkb):
> Doug Hughes wrote:
>
> >If I recall correctly, (I could be wrong), was the original discussion
> >about sudo? If so, why not statically link it? (I'm not discounting
> >the importance of the LD_* problem).
>
> This is not the problem. For setuid programs the LD_* variables will be
> ignored. This ought to be true on all systems (although a very early release
> (BL10 I think) of DEC OSF/1 had this bug). The check is done by looking at
> real and effective uids (and gids) to see whether they're the same.
>
> However the problem arises when the program sets the two uids to be the same
> and then executes another program. In this case the LD_* problem will exist
> again as the child process will pass the above test. This caused problems for
>
> sudo, login -p, su, lpr, sendmail (programs in .forward files) and probably
> more. As I recall SunOS4.1.3 fixed this - presumably by removing the LD_*
> variables when the test above fail, although I haven't checked this.
Exactly. However, current versions of sudo remove LD_* (and equivalents on
different OS's). The lastest sudo may always be found on ftp.cs.colorado.edu
as /pub/sysadmin/utilities/cu-sudo*.Z. The current version is 1.3.1pl4,
pl5 will be out as soon as I have time to clean up a few things.
- todd
