Bugtraq mailing list archives
Re: Does the shared lib bug work on any suid program ?
From: casper () Holland Sun COM (Casper Dik)
Date: Wed, 8 Nov 1995 10:20:17 +0100
> Testing if (EUID != UID) before using env variables for dynamic linking is obviously a good point. But what about testing if EUID or UID is equal to zero as well? Indeed, there are few situations where you want root to run a program with a custom library path: root has to be sure about the code it executes.

Too many people install broken software and want to run it as root (broken == requires LD_LIBRARY_PATH to be set). So while in theory a good thing, in practice it is not. And it's also why su, login and sendmail strip dangerous LD_* variables.

> Root trusting "foreign" libraries certainly isn't a good thing, even if on some systems, standard dynamic libraries belong to "bin" in the vendor's configuration ;-)

Agreed. (Yes, I know Solaris 2.x does that too, so don't complain to me about it.)

Casper
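The two defences discussed in this message, sketched in C as an added example (not part of the original post and not code from any dynamic linker or from su, login or sendmail): the EUID != UID test with the proposed root rule as an option, and scrubbing of LD_* variables before exec. The names `ld_env_untrusted` and `strip_ld_vars` and the sample environment are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy from the thread: distrust linker variables when EUID != UID.
 * strict_root adds the proposed extra rule: also distrust when either id is 0. */
int ld_env_untrusted(uid_t uid, uid_t euid, int strict_root)
{
    if (uid != euid)
        return 1;
    if (strict_root && (uid == 0 || euid == 0))
        return 1;
    return 0;
}

/* Remove every "LD_*" entry from a NULL-terminated envp array in place,
 * as a privileged launcher would before exec. Returns the number removed. */
size_t strip_ld_vars(char **envp)
{
    char **dst = envp;
    size_t removed = 0;
    for (char **src = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment (hypothetical values). */
    char *env[] = { "PATH=/usr/bin", "LD_LIBRARY_PATH=/tmp/lib",
                    "HOME=/root", "LD_PRELOAD=/tmp/x.so", NULL };
    if (ld_env_untrusted(getuid(), geteuid(), 0))
        printf("uid != euid: stripped %zu LD_* variables\n", strip_ld_vars(env));
    else
        printf("uid == euid: environment left as is\n");
    for (char **e = env; *e != NULL; e++)
        puts(*e);
    return 0;
}
```

With `strict_root` set to 0, a plain root session (UID == EUID == 0) keeps its LD_LIBRARY_PATH, which is the practical behaviour the reply argues for; setting it to 1 models the stricter proposal.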