Bugtraq mailing list archives
Re: Does the shared lib bug work on any suid program ?
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 3 Nov 1995 22:24:58 -0500
[...dynamic loaders vs setuid programs...]
Or am I missing something ?
FreeBSD does this in ld.so:
    /* Get user and group identifiers */
    uid = getuid(); euid = geteuid();
    gid = getgid(); egid = getegid();

    careful = (uid != euid) || (gid != egid);

    if (careful) {
        unsetenv("LD_LIBRARY_PATH");
        unsetenv("LD_PRELOAD");
    }
This works unless the suid program is run with root as the real user as is the case for telnetd.
Or the variable exists multiple times in the environment and unsetenv() isn't careful to get them all. Didn't we just recently hear about a loadmodule patch that didn't work because it did something like this with IFS, only it _didn't_ take care to get all of them?

der Mouse
mouse () collatz mcrcim mcgill edu
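The duplicate-variable case raised in the message above, as an added example that is not part of the original post and is not FreeBSD's ld.so code: a scrub that stops at the first match leaves the second copy in place, while a compacting scrub removes every copy. The function names and the environment contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if entry has the form "name=..." */
static int is_var(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Count entries for name in a NULL-terminated environment vector. */
size_t count_var(char **envp, const char *name) {
    size_t hits = 0;
    for (; *envp != NULL; envp++)
        hits += is_var(*envp, name);
    return hits;
}

/* Naive scrub: deletes the first match and stops (the failure mode). */
void scrub_first(char **envp, const char *name) {
    for (; *envp != NULL; envp++)
        if (is_var(*envp, name)) {
            for (; *envp != NULL; envp++)
                envp[0] = envp[1];   /* shift the tail down one slot */
            return;
        }
}

/* Careful scrub: compacts the vector in place, dropping every match. */
void scrub_all(char **envp, const char *name) {
    char **dst = envp;
    for (; *envp != NULL; envp++)
        if (!is_var(*envp, name))
            *dst++ = *envp;
    *dst = NULL;
}

/* Run a scrub over a constructed environment that carries LD_PRELOAD
 * twice and report how many copies survive. */
size_t leftover(void (*scrub)(char **, const char *)) {
    char *env[] = { "PATH=/bin", "LD_PRELOAD=/tmp/a.so", "HOME=/",
                    "LD_PRELOAD=/tmp/b.so", NULL };
    scrub(env, "LD_PRELOAD");
    return count_var(env, "LD_PRELOAD");
}

int main(void) {
    printf("first-match scrub leaves %zu, full scrub leaves %zu\n",
           leftover(scrub_first), leftover(scrub_all));
    return 0;
}
```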