Date: Mon, 23 Oct 1995 20:16:28 -0700
From: David Greenman <davidg@Root.COM>
To: ache@freefall.freebsd.org
Cc: freebsd-hackers@freebsd.org, John Polstra <jdp@polstra.com>
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Message-ID: <199510240316.UAA00294@corbin.Root.COM>
In-Reply-To: Your message of "Tue, 24 Oct 95 05:00:22 +0300." <EasY4ZmaY2@ache.dialup.demos.ru>

>In message <FaLS4ZmKU1@ache.dialup.demos.ru>
>    Андрей Чернов writes:
>
>>In message <199510240141.SAA00275@corbin.Root.COM> David Greenman
>>    writes:
>
>>>   Any shell script which is susceptible to a security hole because a command
>>>failed to execute is broken. There are many reasons why things can fail
>>>ranging from no diskspace available to who knows what. I think Andrey's hack
>>>is an attempt to dam a river with a piece of tissue paper. The real problem
>
>>If we try to plug all potential holes that we find, even small ones,
>>probability of security violation becomes reduced. I don't plan to dam whole
>>river, just plug in small leak reducing leaks number at whole.
>
>BTW, why are you stuck on "shell scripts" only? The same hole can hit
>when commands are entered by hand, see my example.

   If you are capable of entering commands by hand then it is not an issue -
the malicious user can set the environment variables directly and he'll see
the command failure, so? Actually, I really don't think this is an issue in
any case, and I would rather see the hack removed than to continue in this
direction.
   Now that I've had some time to think about this, I would rather that we
just remove support for LD_NOSTD_PATH completely. Except for shared library
debugging, I can't think of a legitimate use for it.

-DG