Bugtraq mailing list archives
Re: Does the shared lib bug work on any suid program ?
From: mdr () vodka sse att com (Mark D Riggins)
Date: Fri, 10 Nov 1995 12:54:12 -0500
Gillus writes:
Testing if (EUID != UID) before using env variables for dynamic linking is obviously a good point. But what about testing if EUID or UID equal to zero as well ? Indeed, there are few situations where you want root to run a program with custom library path : root has to be sure about the code it executes. Root trusting "foreign" libraries isn't certainly a good thing, even if on some systems, standard dynamic libraries belongs to "bin" in vendor's configuration ;-) At least, this will prevent us of taking care about trojaned library path is root env... Gillus
Good point, I'd prefer that root limit its search path to trusted directories like /usr/lib, /etc/lib, /usr/securelibs etc. It could do that without totally ignoring LD_LIBRARY_PATH, which is an otherwise useful feature. Setting LD_RUN_PATH at compile time can cause the run time linker to give precedence to these secure directories, but it does not limit the search to these and only these directories Mark Riggins Secure Systems Engineering AT&T Bell Labs
Current thread:
- Re: Does the shared lib bug work on any suid program ? der Mouse (Nov 03)
- <Possible follow-ups>
- Re: Does the shared lib bug work on any suid program ? Gilles Soulet (Nov 06)
- Re: Does the shared lib bug work on any suid program ? Casper Dik (Nov 08)
- Re: Does the shared lib bug work on any suid program ? Darren Reed (Nov 09)
- Re: Does the shared lib bug work on any suid program ? Mark D Riggins (Nov 10)
- Re: Does the shared lib bug work on any suid program ? Casper Dik (Nov 08)