Date: Mon, 4 Aug 1997 23:50:32 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: marcs@znep.com (Marc Slemko) Cc: freebsd@atipa.com (Atipa), jonz@netrail.net (Jonathan A. Zdziarski), ports@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: SetUID Message-ID: <19970804235032.NS48816@uriah.heep.sax.de> In-Reply-To: <Pine.BSF.3.95.970804150403.27439W-100000@alive.znep.com>; from Marc Slemko on Aug 4, 1997 15:07:36 -0600 References: <Pine.BSF.3.91.970804145336.11294A-100000@dot.ishiboo.com> <Pine.BSF.3.95.970804150403.27439W-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
As Marc Slemko wrote: > You are being very naive. You can do an awful lot with environment > variables. What would happen if you set ENV before running your wrapper? > /bin/sh would see it and execute whatever is in the file it points to. No longer. $ENV should only be evaluated for interactive shells. Recent versions of FreeBSD's /bin/sh handle it this way (but probably not the version of the guy who's been asking here). > What if you set one of a couple of LD_* environment variables? The loader > would see them and use whatever they point to. But that's a right point, indeed. The loader will ignore these variables for the wrapper, but not for the called executables. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970804235032.NS48816>