Bugtraq mailing list archives
Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
From: Casper.Dik () Sun COM
Date: Thu, 23 Nov 2006 10:23:59 +0100
A class of security vulnerabilities has resurfaced in the dynamic loaders of FreeBSD, OpenBSD, and NetBSD in the sanitization of environment variables for suid and sgid binaries.
In Solaris we have long felt that the dynamic linker should not touch the environment; instead, the onus is on applications running setuid(0) and starting subprocesses to strip the appropriate environment variable (or better, set the environment to a sensible default).

Various bugs of this sort have been fixed in Solaris over the years, in the set-uid programs. It is just one of the things set-uid program writers need to be aware of.

As a number of set-uid applications start programs as the user later on, stripping such environment variables often has undesirable side-effects.

Casper
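The "set the environment to a sensible default" approach from the message above, sketched in C as an added example (not code from the post or from Solaris). The fixed PATH value, the allowlist, and the names build_clean_env and env_get are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed allowlist of caller variables worth passing through. */
static const char *const keep[] = { "TERM", "LANG", "TZ" };
#define NKEEP (sizeof keep / sizeof keep[0])

/* Build a fresh environment: a fixed PATH plus allowlisted variables from
 * src. Everything else, including LD_* loader variables, is left behind.
 * Entries point into src, so src must outlive the returned array. */
char **build_clean_env(char *const src[]) {
    size_t n = 0;
    char **out = calloc(NKEEP + 2, sizeof *out);   /* PATH + keep + NULL */
    if (!out) return NULL;
    out[n++] = (char *)"PATH=/usr/bin:/bin";        /* assumed safe default */
    for (size_t k = 0; k < NKEEP; k++) {
        size_t len = strlen(keep[k]);
        for (size_t i = 0; src && src[i]; i++) {
            if (strncmp(src[i], keep[k], len) == 0 && src[i][len] == '=') {
                out[n++] = src[i];
                break;  /* first match only, so duplicate entries are dropped */
            }
        }
    }
    return out;   /* calloc left the terminating NULL in place */
}

/* Look up name in an envp-style array; returns the value or NULL. */
const char *env_get(char *const env[], const char *name) {
    size_t len = strlen(name);
    for (size_t i = 0; env && env[i]; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

int main(void) {
    /* Constructed caller environment, as a set-uid program might inherit it. */
    char *inherited[] = { "LD_PRELOAD=/tmp/x.so", "TERM=xterm", "PATH=/tmp:.",
                          "LD_LIBRARY_PATH=/tmp", "TERM=evil", NULL };
    char *argv[] = { "env", NULL };
    char **env = build_clean_env(inherited);
    if (env) execve("/usr/bin/env", argv, env);     /* child sees only env */
    perror("execve");
    return 1;
}
```

Building the environment from an allowlist, rather than deleting known-bad names, means a loader variable the program's author never heard of is still not passed to the subprocess.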
Current thread:
- Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. In Cognito (Nov 22)
- Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders. Casper . Dik (Nov 23)