Date: Sun, 3 Nov 2002 14:00:16 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.ORG> To: Miguel Mendez <flynn@energyhq.homeip.net> Cc: kientzle@acm.org, morganw@chemikals.org, current@FreeBSD.ORG Subject: Re: libc size Message-ID: <Pine.NEB.3.96L.1021103135713.62308A-100000@fledge.watson.org> In-Reply-To: <20021103155858.3be6eda9.flynn@energyhq.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 3 Nov 2002, Miguel Mendez wrote: > > 2) Security. Can LD_LIBRARY_PATH (or other mechanisms) > > be used to deliberately subvert any of these programs? > > (especially the handful of suid/sgid programs here) > .. > > I can't come up right now with an idea of how exploiting LD_LIBRARY_PATH > could be useful with any of these, but the possibility exists. OTOH, the > recently added priviledge elevation feature should make it possible to > have *no* setuid programs on a system, and have the kernel elevate > priviledges for certain syscalls, based on the policy created by > systrace. LD_LIBRARY_PATH is disabled for setuid binaries -- the kernel sets the P_ISSETUGID flag, which is exported to userspace by issetugid(), which is in turn checked by the rtld, which will refuse to observe that environmental variable (and a number of others) as a result. We have plenty of dynamically linked setuid binaires in the system already, and it's not a problem. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1021103135713.62308A-100000>