From owner-freebsd-hackers Mon Oct 23 20:35:04 1995
To: ache@freefall.freebsd.org, davidg@Root.COM
Cc: freebsd-hackers@freebsd.org, John Polstra
References: <199510240316.UAA00294@corbin.Root.COM>
In-Reply-To: <199510240316.UAA00294@corbin.Root.COM>; from David Greenman at Mon, 23 Oct 1995 20:16:28 -0700
Organization: Olahm Ha-Yetzirah
Date: Tue, 24 Oct 1995 06:32:29 +0300 (MSK)
From: Андрей Чернов (aka Andrey A. Chernov, Black Mage)
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs

In message <199510240316.UAA00294@corbin.Root.COM> David Greenman writes:

> If you are capable of entering commands by hand then it is not an issue -
>the malicious user can set the environment variables directly and he'll see
>the command failure, so? Actually, I really don't think this is an issue in

Single command failure isn't a case. Imagine that the first running program
stores results somewhere for the second one; maybe databases can be involved
here. Basically, the first program can be designed unbreakable, i.e. the user
can only run it and can't stop it or force it to fail. With LD_* things it
gains more power to control it.

>any case, and I would rather see the hack removed than to continue in this
>direction.

My task here is to notify about possible results. So, don't be surprised if
anybody uses this hole in future :-)

> Now that I've had some time to think about this, I would rather that we
>just remove support for LD_NOSTD_PATH completely. Except for shared library
>debugging, I can't think of a legitimate use for it.

I agree with this. It is too suspicious. Moreover, LD_NOSTD_PATH does not work
properly now (you can set it and it does nothing). John Polstra says that
he already knows about it. Yet one more: it does not work like Sun's variant
either; Sun's variant has some reasons to live, as Terry points out.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849