Date: Wed, 06 Nov 2002 04:08:40 -0700 (MST)
From: "M. Warner Losh" <imp@bsdimp.com>
To: kientzle@acm.org
Cc: flynn@energyhq.homeip.net, morganw@chemikals.org, current@FreeBSD.ORG
Subject: Re: libc size
Message-ID: <20021106.040840.44734873.imp@bsdimp.com>
In-Reply-To: <3DC6CB56.8090809@acm.org>
References: <3DC1AB26.5020708@acm.org> <20021103155858.3be6eda9.flynn@energyhq.homeip.net> <3DC6CB56.8090809@acm.org>

In message: <3DC6CB56.8090809@acm.org>
            Tim Kientzle <kientzle@acm.org> writes:
: Several people have pointed out that FreeBSD has
: certain protections against LD_LIBRARY_PATH exploits,
: but there are still real questions here. (Kernel
: races, possibly?) Privilege elevation is an
: interesting idea, but tricky to audit.

There are no known issues in this area, and haven't been for a couple
of years now. While this isn't proof, it is a compelling argument.

This isn't a real question, to be honest. We've had dynamically
linked setuid/setgid programs for years. The only issues have been in
the setuid/setgid code itself, not the dynamic linker. Bugs of this
nature haven't really been a problem.

Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021106.040840.44734873.imp>
