Bugtraq mailing list archives
Re: LD_ hole (was Re: IFS hole?)
From: rik () vifp monash edu au (Rik Harris)
Date: Thu, 16 Dec 1993 14:14:01 +1100
Michael Neuman <mcn () c3serve c3 lanl gov> wrote:
c) delete any environment varable that begins with LD_Most people have said this for obvious reasons, but the ld manpage says that will not search anything (for suid binaries) other than the trusted paths for dynamically linked libraries even if LD_LIBRARY_PATH is set. Is this statement false? Is there a way around it? Is LD_PRELOAD_PATH documented anywhere? :-)
The problem is when that suid program calls any other program, keeping privileges, the LD_* variables _are_ used. ld.so will ignore LD_* if the effective uid is not equal to the real uid. rik. -- Rik Harris - rik.harris () vifp monash edu au || Systems Programmer +61 3 560-3265 (AH) +61 3 565-3227 (BH) || and Administrator Fac. of Computing & Info.Tech., Monash Uni, Australia || Vic. Institute of http://www.vifp.monash.edu.au/people/rik.html || Forensic Pathology
Current thread:
- LD_ hole (was Re: IFS hole?) Michael Neuman (Dec 15)
- Re: LD_ hole (was Re: IFS hole?) smb () research att com (Dec 15)
- Re: LD_ hole (was Re: IFS hole?) Rik Harris (Dec 15)
- The LD_* vars (was Re: LD_ hole) Justin Mason (Dec 16)
- <Possible follow-ups>
- Re: LD_ hole (was Re: IFS hole?) Howie Kaye (Dec 15)