Bugtraq mailing list archives

Re: /dev/tcp, and a LD_LIBRARY_PATH question.

From: rhaas () cygnus arc nasa gov (Robert M. Haas)
Date: Sat, 03 Dec 1994 18:42:21 -0800

A better solution is to smash the _entire_ environment flat, except for
specific ones, such as TZ, that can be reasonably assumed to be safe (I
hope - anyone broken into a system with the TZ variable? :-)


I'm not even sure this is sufficient. This only works if LD_LIBRARY_PATH
is not consulted until after you squash the environment. Is this true? 

(If not, you'd have to write a statically linked program to squash the
environment and then exec() the real executable...)

...Robert

Current thread:

Full Disclosure works, here's proof: Christopher Klaus (Nov 30)
- Re: Full Disclosure works, here's proof: Casper Dik (Dec 02)
  - Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 02)
  - RE: Question... CUNNINGHAM () B PSC EDU (Dec 02)
  - empty messages? Breakdown (Dec 02)
    - Re: empty messages? Walker Aumann (Dec 02)
  - /dev/tcp, and a LD_LIBRARY_PATH question. That Whispering Wolf... (Dec 02)
    - Re: /dev/tcp, and a LD_LIBRARY_PATH question. anthony baxter (Dec 03)
    - Re: /dev/tcp, and a LD_LIBRARY_PATH question. Robert M. Haas (Dec 03)
  - full disclosure list clarification Pete Hartman (Dec 02)
- pt_chmod carson () lehman com (Dec 02)
  - Re: pt_chmod Karl Strickland (Dec 02)
  - mktemp.. *Hobbit* (Dec 02)
- bugtraq list problems (resolved?) Admin/Support (Dec 02)
- full-disclosure list Pete Hartman (Dec 02)
- <Possible follow-ups>
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 03)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 03)
  - Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
    - Re: Full Disclosure works, here's proof: Paul 'Shag' Walmsley (Dec 04)

(Thread continues...)