From owner-freebsd-hackers Mon Oct 23 20:16:43 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA27598 for hackers-outgoing; Mon, 23 Oct 1995 20:16:43 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id UAA27579 ; Mon, 23 Oct 1995 20:16:35 -0700
Received: by sequent.kiae.su id AA01028 (5.65.kiae-2 ); Tue, 24 Oct 1995 07:07:27 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 24 Oct 95 07:07:25 +0300
Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.11/8.6.9) id FAA00288; Tue, 24 Oct 1995 05:56:34 +0300
To: Nate Williams
Cc: ache@freefall.freebsd.org, David Greenman , freebsd-hackers@freebsd.org
References: <199510232318.RAA24039@rocky.sri.MT.net> <199510240010.SAA24195@rocky.sri.MT.net> <199510240233.UAA24556@rocky.sri.MT.net>
In-Reply-To: <199510240233.UAA24556@rocky.sri.MT.net>; from Nate Williams at Mon, 23 Oct 1995 20:33:33 -0600
Message-Id:
Organization: Olahm Ha-Yetzirah
Date: Tue, 24 Oct 1995 05:56:34 +0300 (MSK)
X-Mailer: Mail/@ [v2.40 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
X-Class: Fast
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Lines: 59
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 2022
Sender: owner-hackers@freebsd.org
Precedence: bulk

In message <199510240233.UAA24556@rocky.sri.MT.net> Nate Williams writes:

>[ Disabling LD_NOSTD_PATH for suid/guid programs ]
>>
>> If user set LD_NOSTD_PATH it *NOT* look for normal places anymore.
>>
>> >Then a system shared binary is *completely* and *utterly* useless.
>>
>> Do you mean our /usr/bin/su useless f.e.?
>> Or maybe /usr/sbin/sendmail?

>If you unset LD_NOSTD_PATH with these programs they will fail, since
>they will not be able to find their shlibs. There are *NO* known
>security risk by leaving the standard library path set in these
>programs.

I mean SET this variable and not UNSET. It is UNSET by default.

>> All shell scripts written prior LD_NOSTD_PATH or written not
>> in FreeBSD (f.e. SysV scripts) deserve not only error messages
>> they get but unpredictable code flow after it.

>Huh?

What huh?

>You can't provide me an example where unsetting LD_NOSTD_PATH is needed,
>so I would say that the burden of proof is on you.

unsetting -> setting.
I already post it to hackers list, check your mail system, maybe
something lost. Here it is again anyway:

In message =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= writes:

>Well, simple example:

>	setuid_shared_binary > /tmp/file
>	... (f.e. few static commands)
>	setuid_static_binary < /tmp/file	# OOPS!

>	(umask is restrictive, of course)

When LD_NOSTD_PATH is set (when it will works, of course), first binary
fails leaving an empty file and second binary got empty input
when it isn't suppose it. I assume script was unbreakable, of course, i.e.
all signals was disabled. Now it becomes breakable.
Basically it means that intruder gains ability to selectively control
execution flow.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
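
The script shape from the message above, next to a version that checks the first step before running the second. This is an added example, not part of the original post or of FreeBSD; producer, consumer and FAIL_LOAD are constructed stand-ins for the two binaries and for the shared-library load failure.

```sh
#!/bin/sh
# Added example with constructed stand-ins; not code from the thread.
# producer plays the dynamically linked setuid binary. With FAIL_LOAD=1 it
# fails before writing anything, as a binary does when its shared libraries
# cannot be found.
producer() {
    if [ "${FAIL_LOAD:-0}" = 1 ]; then
        echo "producer: cannot load shared library" >&2  # constructed text
        return 1
    fi
    echo "allow alice"                                   # constructed data
}

# consumer plays the static binary: it processes whatever arrives on stdin.
# Here it just reports the number of lines it was given.
consumer() {
    wc -l | tr -d ' '
}

# The script shape from the message. The shell creates the output file
# before producer starts, so a failed producer leaves an empty file, and
# consumer then runs on empty input. "|| :" makes the ignored exit status
# explicit so the behaviour is the same under "set -e".
unchecked() {
    dir=$(mktemp -d) || return 2
    producer > "$dir/file" 2>/dev/null || :
    consumer < "$dir/file"
    rm -rf "$dir"
}

# Defensive shape: stop unless producer succeeded and wrote something.
checked() {
    dir=$(mktemp -d) || return 2
    if ! producer > "$dir/file" 2>/dev/null || [ ! -s "$dir/file" ]; then
        rm -rf "$dir"
        return 1
    fi
    consumer < "$dir/file"
    rm -rf "$dir"
}
```

With FAIL_LOAD=1, unchecked still runs consumer and prints 0, while checked returns non-zero without running consumer.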