From owner-freebsd-hackers Mon Oct 23 21:17:23 1995 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA04063 for hackers-outgoing; Mon, 23 Oct 1995 21:17:23 -0700 Received: from rocky.sri.MT.net (sri.MT.net [204.94.231.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA04029 for ; Mon, 23 Oct 1995 21:17:08 -0700 Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id WAA24802; Mon, 23 Oct 1995 22:19:14 -0600 Date: Mon, 23 Oct 1995 22:19:14 -0600 From: Nate Williams Message-Id: <199510240419.WAA24802@rocky.sri.MT.net> To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) Cc: ache@freefall.freebsd.org, freebsd-hackers@freebsd.org Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs In-Reply-To: References: <199510232318.RAA24039@rocky.sri.MT.net> <199510240010.SAA24195@rocky.sri.MT.net> <199510240233.UAA24556@rocky.sri.MT.net> Sender: owner-hackers@freebsd.org Precedence: bulk > >Well, simple example: > > > setuid_shared_binary > /tmp/file > > ... (f.e. few static commands) > > setuid_static_binary < /tmp/file # OOPS! > > (umask is restrictive, of course) How will this example fail if you set LD_NOSTD_PATH? > When LD_NOSTD_PATH is set (when it will works, of course), > first binary fails leaving an empty file and second binary > got empty input when it isn't suppose it. And the problem is? > I assume script was unbreakable, of course, i.e. all signals > was disabled. Now it becomes breakable. Why is the script breakable? > Basically it means that intruder gains ability to selectively > control execution flow. Sigh, I think there are much bigger holes in the system that folks will have problems with if you attempt to use 'secure' shell scripts. Nate