Bugtraq mailing list archives
Re: /dev/tcp, and a LD_LIBRARY_PATH question.
From: jkb () mrc-lmb cam ac uk (Bonfield James)
Date: Tue, 6 Dec 94 8:51:17 WET
Doug Hughes wrote:
If I recall correctly, (I could be wrong), was the original discussion about sudo? If so, why not statically link it? (I'm not discounting the importance of the LD_* problem).
This is not the problem. For setuid programs the LD_* variables will be ignored. This ought to be true on all systems (although a very early release (BL10 I think) of DEC OSF/1 had this bug). The check is done by looking at real and effective uids (and gids) to see whether they're the same. However the problem arises when the program sets the two uids to be the same and then executes another program. In this case the LD_* problem will exist again as the child process will pass the above test. This caused problems for sudo, login -p, su, lpr, sendmail (programs in .forward files) and probably more. As I recall SunOS4.1.3 fixed this - presumably by removing the LD_* variables when the test above fail, although I haven't checked this. James -- James Bonfield (jkb () mrc-lmb cam ac uk) Tel: 0223 402266 Fax: 0223 412282 Medical Research Council - Laboratory of Molecular Biology, Hills Road, Cambridge, CB2 2QH, England.
Current thread:
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. hoodr () hoodr slip netcom com (Dec 02)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Rens Troost (Dec 03)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Pat Myrto (Dec 03)
- <Possible follow-ups>
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. jim () Tadpole COM (Dec 02)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Ken Descoteaux (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Casper Dik (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Doug Hughes (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Bonfield James (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Todd C. Miller (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Bonfield James (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. hoodr () hoodr slip netcom com (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. James R. Ault (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Pat Myrto (Dec 07)
- AOL Provided Programs Michael S. Hines (Dec 07)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Rens Troost (Dec 03)