Bugtraq mailing list archives

Re: Does the shared lib bug work on any suid program ?

From: fred () NASIRC HQ NASA GOV (Fred Blonder)
Date: Fri, 3 Nov 1995 17:18:10 -0500


        From: Bernd Lehle <Bernd.Lehle () RUS Uni-Stuttgart DE>

        after all the fuzz about the telnet/shared lib stuff somebody
        here came up with something that might be even more
        interesting:

        What woul hapen in the following case:

        .

        This game could be played with any suid program, where You know
        what routines it calls.

        Or am I missing something ?

You're missing something.

The dynamic linker won't pay attention to the LD_-whatever environment
variables if a program is set-uid: (real and effective UIDs different).

This is a problem with /bin/login only because it runs as "root"
withOUT being set-uid; real and effective UIDs are the same.

Current thread:

Re: SunOS syslog() fix, finally..., (continued)
- - - Re: SunOS syslog() fix, finally... Casper Dik (Nov 13)
    - Re: SunOS syslog() fix, finally... Brett Lymn (Nov 13)
    - ufsrestore suid root not a security hole Sean Vickery (Nov 16)
    - Re: SunOS syslog() fix, finally... Casper Dik (Nov 17)
    - SGI Security Advisory 19951101 - telnetd SGI Security Coordinator (Nov 17)
    - SGI Security Advisory 19951101 - telnetd : UPDATE SGI Security Coordinator (Nov 17)
    - Re: SunOS syslog() fix, finally... Pug (Nov 10)
    - Turning dynamic into static? Lawrence R. Rogers (Nov 09)
- Re: Telnet attack on SGI Adam Shostack (Nov 02)
- Does the shared lib bug work on any suid program ? Bernd Lehle (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? Fred Blonder (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? John Capo (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? Justin Mason (Nov 06)
- a point is being missed *Hobbit* (Nov 03)
  - Re: a point is being missed Scott Barman (Nov 03)
  - Re: a point is being missed John Stewart (Nov 03)
  - Re: a point is being missed Douglas Siebert (Nov 03)
    - Re: a point is being missed Richard Todd (Nov 04)
  - Re: a point is being missed Casper Dik (Nov 04)
- Re: Telnet attack on SGI Edwin Kremer (Nov 09)
  - Re: Telnet attack on SGI Edwin Kremer (Nov 10)

(Thread continues...)