Bugtraq mailing list archives

Re: /dev/tcp, and a LD_LIBRARY_PATH question.


From: rwing!pat () ole cdac com (Pat Myrto)
Date: Wed, 7 Dec 94 4:40:33 PST


"In the previous message, James R. Ault said..."


> It's a good idea to write a routine to scrub *ALL* LD_* environment
> variables first thing in any SUID program.  ESPECIALLY any that
> exec's another program with any kind of privilege.
>
> The LD_* variables don't affect statically linked binaries, do they?

No, but the program the SUID program in turn execs may *not* be statically
linked.  I would put the scrubbing code in, on general principles, since
it is small, and because the problem is in the programs the SUID process
exec's, not in the SUID program itself (assuming the OS is operating
properly).


-- 
pat@rwing  [If all fails, try:  rwing!pat () eskimo com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.
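
[Added example, not part of the original post: one way to write the LD_* scrubbing routine discussed in this message. The names scrub_ld_vars and count_ld_vars are hypothetical, and the sketch assumes a POSIX system where the process environment is the NULL-terminated vector `environ`.]

```c
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Drop every "LD_*" entry from a NULL-terminated environment vector,
 * compacting it in place. Walking the vector (rather than unsetting a
 * fixed list of names) catches LD_ variables this code has never heard
 * of, and duplicate entries for the same name. Returns entries dropped. */
int scrub_ld_vars(char **envp)
{
    char **src, **dst;
    int dropped = 0;

    if (envp == NULL)
        return 0;
    for (src = dst = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            dropped++;            /* skip it: not copied forward */
        else
            *dst++ = *src;        /* keep it */
    }
    *dst = NULL;                  /* re-terminate the shortened vector */
    return dropped;
}

/* Count LD_* entries still present; used to verify the scrub. */
int count_ld_vars(char **envp)
{
    int n = 0;
    for (; envp != NULL && *envp != NULL; envp++)
        if (strncmp(*envp, "LD_", 3) == 0)
            n++;
    return n;
}

int main(void)
{
    /* First thing in the program, before any other work or exec. */
    int dropped = scrub_ld_vars(environ);
    printf("dropped %d LD_* entries, %d remain\n",
           dropped, count_ld_vars(environ));
    /* ... privileged work; any execv()/execl() now inherits the
     * scrubbed environ ... */
    return 0;
}
```

The match is on the "LD_" prefix at the start of each entry, so a name such as OLD_X is left alone.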


