Date: Mon, 26 Jul 1999 13:21:33 +0100 From: Dominic Mitchell <Dom.Mitchell@palmerharvey.co.uk> To: jkoshy@FreeBSD.org Cc: chris@calldei.com, hackers@freebsd.org Subject: Re: yet more ways to attack executing binaries (was Re: deny ktrace without read permissions? ) Message-ID: <19990726132132.B78403@voodoo.pandhm.co.uk> In-Reply-To: <199907261116.EAA43920@freefall.freebsd.org>; from jkoshy@FreeBSD.org on Mon, Jul 26, 1999 at 04:16:28AM -0700 References: <19990726054037.D79022@holly.dyndns.org> <199907261116.EAA43920@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 26, 1999 at 04:16:28AM -0700, jkoshy@FreeBSD.org wrote: > LD_LIBRARY_PATH, LD_PRELOAD and LD_DEBUG are ignored for setuid executables > in FreeBSD. But the point being made is that they are not ignored for executables which have no read access. And from there, read access can be gained, because at that point, you have code running in the process's address space. -- Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator In Mountain View did Larry Wall Sedately launch a quiet plea: That DOS, the ancient system, shall On boxes pleasureless to all Run Perl though lack they C. -- ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. ********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990726132132.B78403>