Date: Tue, 24 Oct 1995 01:39:38 +0300 (MSK) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> To: ache@freefall.freebsd.org, John Polstra <jdp@polstra.com> Cc: freebsd-hackers@freebsd.org Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs Message-ID: <Aagc1ZmOzJ@ache.dialup.demos.ru> In-Reply-To: <m0t7SFB-000078C@seattle.polstra.com>; from John Polstra at Mon, 23 Oct 95 12:09 PDT References: <m0t7SFB-000078C@seattle.polstra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <m0t7SFB-000078C@seattle.polstra.com> John Polstra writes: >Can you see a security reason for disabling LD_NOSTD_PATH for suid/sgid >programs? If not, I think that the recent change should be removed from >rtld.c. In this case I keep in mind some shell script execution which calls setuid programs. By setiing LD_NOSTD_PATH user allows such programs easily fails, it is clear. Here can be very unpleasant side effect that usually shell scripts not expects setuid programs failing for such reasons and have lack of error traping at this point. It can leads to unpredictable things in shell script execution flow. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Aagc1ZmOzJ>