Bugtraq mailing list archives
Re: /dev/tcp, and a LD_LIBRARY_PATH question.
From: rhaas () cygnus arc nasa gov (Robert M. Haas)
Date: Sat, 03 Dec 1994 18:42:21 -0800
A better solution is to smash the _entire_ environment flat, except for specific ones, such as TZ, that can be reasonably assumed to be safe (I hope - anyone broken into a system with the TZ variable? :-)
I'm not even sure this is sufficient. This only works if LD_LIBRARY_PATH is not consulted until after you squash the environment. Is this true? (If not, you'd have to write a statically linked program to squash the environment and then exec() the real executable...)

...Robert
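The wrapper the message describes, as an added example that is not part of the original post: it builds a fresh environment from an allowlist and then exec()s the real program. It is meant to be linked statically, because a dynamically linked program's loader has already read LD_LIBRARY_PATH before main() runs. The target path, the fixed PATH value and the value check on kept variables are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

static const char *const KEEP[] = { "TZ", NULL };  /* allowlist named in the post */
#define SAFE_PATH   "PATH=/usr/bin:/bin"            /* assumed fixed value */
#define REAL_TARGET "/usr/local/libexec/realprog"   /* hypothetical path */
#define MAX_VALUE   64
#define MAX_OUT     8

/* Conservative check on a kept value (an assumption of this example):
 * short, printable, not an absolute path, no ".." component. */
static int value_ok(const char *v)
{
    if (strlen(v) > MAX_VALUE || v[0] == '/' || strstr(v, ".."))
        return 0;
    for (; *v; v++)
        if (!isprint((unsigned char)*v))
            return 0;
    return 1;
}

/* Fill out[] with SAFE_PATH plus the first occurrence of each allowlisted
 * variable in in[]; everything else, LD_LIBRARY_PATH included, is dropped.
 * cap must be at least 2. Returns the number of entries before the NULL. */
int build_clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    out[n++] = (char *)SAFE_PATH;
    for (size_t k = 0; KEEP[k] && n + 1 < cap; k++) {
        size_t len = strlen(KEEP[k]);
        for (size_t i = 0; in && in[i]; i++) {
            if (strncmp(in[i], KEEP[k], len) != 0 || in[i][len] != '=')
                continue;
            if (value_ok(in[i] + len + 1))
                out[n++] = in[i];
            break;          /* first occurrence decides; duplicates are dropped */
        }
    }
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char *argv[])
{
    char *clean[MAX_OUT];
    (void)argc;
    build_clean_env(environ, clean, MAX_OUT);
    execve(REAL_TARGET, argv, clean);   /* returns only on failure */
    perror("execve");
    return 127;
}
```

Build it with static linking (for example `cc -static`) so that no shared-library lookup happens before the environment has been replaced.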