From owner-freebsd-commit Sun Oct 22 14:27:20 1995 Return-Path: owner-commit Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA07951 for freebsd-commit-outgoing; Sun, 22 Oct 1995 14:27:20 -0700 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA07900 for cvs-all-outgoing; Sun, 22 Oct 1995 14:27:10 -0700 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA07888 for cvs-user-outgoing; Sun, 22 Oct 1995 14:27:07 -0700 Received: from aslan.cdrom.com (aslan.cdrom.com [192.216.223.142]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA07871 ; Sun, 22 Oct 1995 14:27:03 -0700 Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by aslan.cdrom.com (8.6.12/8.6.9) with SMTP id OAA17661; Sun, 22 Oct 1995 14:26:42 -0700 Message-Id: <199510222126.OAA17661@aslan.cdrom.com> X-Authentication-Warning: aslan.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) cc: "Justin T. Gibbs" , CVS-commiters@freefall.freebsd.org, "Andrey A. Chernov" , cvs-user@freefall.freebsd.org Subject: Re: cvs commit: src/secure/libexec/telnetd sys_term.c In-reply-to: Your message of "Sat, 21 Oct 1995 01:36:07 +0300." Date: Sun, 22 Oct 1995 14:26:42 -0700 From: "Justin T. Gibbs" Sender: owner-commit@FreeBSD.org Precedence: bulk >In message <199510202030.NAA10249@aslan.cdrom.com> Justin T. Gibbs > writes: > >>>1) No, LD_NOSTD_PATH have risk too. Unimplemented LD_PRELOAD have risk >>>too. > >>Not unless you also specify an LD_LIBRARY_PATH. > >No, LD_NOSTD_PATH treated separately. But the worst effect it can have is make a program not load because its shlibs aren't found unless you set LD_LIBRARY_PATH. >>What environment does ld look at during an exec call? The environment >>of the original process? Could we work around this with an execle or >>exect approach? > >telnetd assumes in several places that it modify/get master environment, >so it is possible, but require more work and will cause more differences >with standard telnetd development stream. Perhaps we should mention it to the author. Don't we also have a security problem in login since it is shared? I would expect any user logged into your system to be able to become any other user by using their own crypt library. Its not like our library sources aren't availible. :) >-- >Andrey A. Chernov : And I rest so composedly, /Now, in my bed, >ache@astral.msk.su : That any beholder /Might fancy me dead - >http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. >RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 -- Justin T. Gibbs =========================================== Software Developer - Walnut Creek CDROM FreeBSD: Turning PCs into workstations ===========================================