Bugtraq mailing list archives
Re: Does the shared lib bug work on any suid program ?
From: avalon () coombs anu edu au (Darren Reed)
Date: Fri, 10 Nov 1995 00:32:51 +1100
In some mail from Casper Dik, sie said:
Testing if (EUID != UID) before using env variables for dynamic linking is obviously a good point. But what about testing if EUID or UID equal to zero as well ? Indeed, there are few situations where you want root to run a program with custom library path : root has to be sure about the code it executes.Too many people install broken software and want to run it as root (broken == requires LD_LIBRARY_PATH to be set).
[...] A good way around this is installing "extra" shared libraries in another directory (not /usr/lib) and in your rc files, change ldconfig to be something like: ldconfig /usr/lib /usr/openwin/lib /usr/X11/lib /usr/local/lib or ldconfig /usr/lib /opt/lib etc. darren
Current thread:
- Re: Does the shared lib bug work on any suid program ? der Mouse (Nov 03)
- <Possible follow-ups>
- Re: Does the shared lib bug work on any suid program ? Gilles Soulet (Nov 06)
- Re: Does the shared lib bug work on any suid program ? Casper Dik (Nov 08)
- Re: Does the shared lib bug work on any suid program ? Darren Reed (Nov 09)
- Re: Does the shared lib bug work on any suid program ? Mark D Riggins (Nov 10)
- Re: Does the shared lib bug work on any suid program ? Casper Dik (Nov 08)