From owner-freebsd-hackers Mon Oct 23 15:42:34 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id PAA03216 for hackers-outgoing; Mon, 23 Oct 1995 15:42:34 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id PAA03211 for ; Mon, 23 Oct 1995 15:42:26 -0700
Received: by sequent.kiae.su id AA17295 (5.65.kiae-2 ); Tue, 24 Oct 1995 02:40:13 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 24 Oct 95 02:40:13 +0300
Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.11/8.6.9) id BAA05102; Tue, 24 Oct 1995 01:39:38 +0300
To: ache@freefall.freebsd.org, John Polstra
Cc: freebsd-hackers@freebsd.org
References:
In-Reply-To: ; from John Polstra at Mon, 23 Oct 95 12:09 PDT
Message-Id:
Organization: Olahm Ha-Yetzirah
Date: Tue, 24 Oct 1995 01:39:38 +0300 (MSK)
X-Mailer: Mail/@ [v2.40 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
X-Class: Fast
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Lines: 20
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 921
Sender: owner-hackers@freebsd.org
Precedence: bulk

In message John Polstra writes:

>Can you see a security reason for disabling LD_NOSTD_PATH for suid/sgid
>programs? If not, I think that the recent change should be removed from
>rtld.c.

In this case I keep in mind some shell script execution which calls
setuid programs. By setting LD_NOSTD_PATH the user allows such programs
to easily fail, it is clear. There can be a very unpleasant side effect
here in that shell scripts usually do not expect setuid programs to fail
for such reasons and lack error trapping at this point.
It can lead to unpredictable things in the shell script execution flow.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
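
The control-flow hazard described in the message above, as an added example that is not part of the original message or of FreeBSD's code. fake_setuid_helper is a constructed stand-in for a dynamically linked setuid program that cannot start when LD_NOSTD_PATH is set; the step functions and the /var/spool/example path are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for a setuid helper: like a binary whose shared
# libraries cannot be located, it fails whenever LD_NOSTD_PATH is set.
fake_setuid_helper() {
    if [ -n "${LD_NOSTD_PATH+set}" ]; then
        echo "ld.so: shared library not found" >&2
        return 1
    fi
    echo "/var/spool/example"
}

# Fragile pattern: the helper's exit status is discarded, so on failure the
# script continues with an empty value and builds the path "/tmp".
fragile_step() {
    echo "would clean: $(fake_setuid_helper 2>/dev/null)/tmp"
}

# Error trapping: stop as soon as the helper fails.
checked_step() {
    dir=$(fake_setuid_helper 2>/dev/null) || {
        echo "helper failed, aborting" >&2
        return 1
    }
    echo "would clean: ${dir}/tmp"
}

# Mitigation in the script itself: drop loader variables for the child only
# (the command substitution is a subshell), and still check the status.
scrubbed_step() {
    dir=$(unset LD_NOSTD_PATH LD_LIBRARY_PATH LD_PRELOAD; fake_setuid_helper) || return 1
    echo "would clean: ${dir}/tmp"
}

# Demo in a subshell so the caller's environment stays untouched.
(
    LD_NOSTD_PATH=1; export LD_NOSTD_PATH
    fragile_step
    checked_step || echo "checked_step stopped the script path"
    scrubbed_step
)
```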