Re: ld.so bug - LD_DEBUG_OUTPUT follows symlinks

[Jakub Vlasek <jv () PILSEDU CZ>]

On Tue, 26 Sep 2000, Dwayne C . Litzenberger wrote:

> On Tue, Sep 26, 2000 at 02:11:12AM +0200, Jakub Vlasek wrote:
> > Hi,
> >    ld.so from glibc2 doesn't unset variables LD_DEBUG_OUTPUT and LD_DEBUG
> > when running suid. If program calls setuid(0) and then fork(), child
> > process will follow prepared symlink ($LD_DEBUG_OUTPUT.$pid) and
> > overwrites any file in system.
>
> I could not reproduce this.
>
> When I run the suid program, LD_DEBUG still works (odd, but true), but
> LD_DEBUG_OUTPUT seems to be ignored (output goes to the terminal).  What
> version of glibc2 were you using?  (I am using Debian libc6 (a.k.a. glibc2)
> version 2.1.3-10.)
>
> --
> Dwayne C. Litzenberger - dlitz () cheerful com

[jv] ~/x export LD_DEBUG=libs LD_DEBUG_OUTPUT=/home/jv/x/debug
[jv] ~/x ls -l
-rw-rw-r--    1 jv       jv            308 Sep 27 11:40 debug.22810
[jv] ~/x su
 (LD_DEBUG_OUTPUT ignored, data written to terminal)
Password:
[root] /home/jv/x ls -l
-rw-rw-r--    1 jv       jv            308 Sep 27 11:40 debug.22810
-rw-rw-r--    1 root     root         1850 Sep 27 11:41 debug.22812
-rw-r--r--    1 root     root          374 Sep 27 11:41 debug.22819
-rw-r--r--    1 root     root          308 Sep 27 11:41 debug.22820 <- can
be symlink

I'm using glibc-2.1.3-10 on debian.

JV