From owner-freebsd-hackers Mon Oct 23 19:32:37 1995 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id TAA23327 for hackers-outgoing; Mon, 23 Oct 1995 19:32:37 -0700 Received: from rocky.sri.MT.net (sri.MT.net [204.94.231.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA23147 for ; Mon, 23 Oct 1995 19:31:35 -0700 Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id UAA24556; Mon, 23 Oct 1995 20:33:33 -0600 Date: Mon, 23 Oct 1995 20:33:33 -0600 From: Nate Williams Message-Id: <199510240233.UAA24556@rocky.sri.MT.net> To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) Cc: Nate Williams , ache@freefall.freebsd.org, freebsd-hackers@freebsd.org Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs In-Reply-To: References: <199510232318.RAA24039@rocky.sri.MT.net> <199510240010.SAA24195@rocky.sri.MT.net> Sender: owner-hackers@freebsd.org Precedence: bulk [ Disabling LD_NOSTD_PATH for suid/guid programs ] > >> If user set LD_NOSTD_PATH it *NOT* look for normal places anymore. > > >Then a system shared binary is *completely* and *utterly* useless. > > Do you mean our /usr/bin/su useless f.e.? > Or maybe /usr/sbin/sendmail? If you unset LD_NOSTD_PATH with these programs they will fail, since they will not be able to find their shlibs. There are *NO* known security risk by leaving the standard library path set in these programs. > All shell scripts writted prior LD_NOSTD_PATH or writted not > in FreeBSD (f.e. SysV scriprs) deserve not only error messages > they get but unpredicatable code flow after it. Huh? > >Given this, I say the change is gratitious and un-needed. > > You need to prove it, not just say. You can't provide me an example where unsetting LD_NOSTD_PATH is needed, so I would say that the burden of proof is on you. Nate