Can you really trust a path?

[md () LINUX IT (Marco d'Itri)]

AFAIK no one suggested yet that trusted path implementations like the
ones in recent Phrack issues can be trivially broken with perl XS
modules. A step by step guide to convert your favourite exploits can be
found in perlxstut(1p).

Another way to execute your code in a trusted path environment is
exploiting the ability of some programs (e.g. BitchX) to link shared
objects at run time from a predefined set or even user-supplied ones.
libdl looks at $LD_LIBRARY_PATH too, so the user can supply his own
directory with a shared object containing arbitrary code.

--
ciao,
Marco