Bugtraq mailing list archives

Re: IFS hole?

From: abeckett () fmlrnd co uk (abeckett () fmlrnd co uk)
Date: Wed, 15 Dec 93 16:02:11 GMT

abeckett () fmlrnd co uk has said


However, I agree with Peter that the LD_LIBRARY_PATH could be abused,
but this is likely to be a general problem and not just one to do with
programs that exec other programs.


It's not like it *COULD* be abused. Every man and his dog can abuse it.
Give me SunOS, shared libraries & LD_* crap, I will give you root access,
or something. sekurity.

-- Jonathan


Just my "quaint" English way of saying things. Of course it can be abused.

Andrew.

***********************************************************************
* Andrew Beckett                  *                                   *
* Senior Design Engineer          *                                   *
* Fujitsu Microelectronics Ltd    *                                   *
* Highway House                   * phone    : (0628) 71116           *
* Norreys Drive                   * fax      : (0628) 773990          *
* Maidenhead. Berks SL6 4BW       * email    : a.beckett () fmlrnd co uk *
***********************************************************************

Current thread:

Re: IFS hole? Yonathan (Dec 15)
- Re: IFS hole? abeckett () fmlrnd co uk (Dec 15)
- <Possible follow-ups>
- Re: IFS hole? mark kraitchman (Dec 15)
  - Re: IFS hole? Greg Woods (Dec 15)
  - IFS hole? Karyn Pichnarczyk (Dec 15)
- Re: IFS hole? henry strickland (Dec 15)
- Re: IFS hole? Peter shipley (Dec 15)
- Re: IFS hole? Rik Harris (Dec 15)
- Re: IFS hole? Christopher Davis (Dec 17)