> From bugtraq-owner@crimelab.crimelab.com Tue Dec 14 23:51:50 1993

> c) delete any environment variable that begins with LD_

Most people have said this for obvious reasons, but the ld manpage says that it will not search anything (for suid binaries) other than the trusted paths for dynamically linked libraries even if LD_LIBRARY_PATH is set. Is this statement false? Is there a way around it? Is LD_PRELOAD_PATH documented anywhere? :-)

There was a bug a while back involving this. Yes, the loader won't honor LD_LIBRARY_PATH if it detects that it's running setuid. But some programs -- like login -- do a setuid(geteuid()), and then exec something else. That program *isn't* setuid -- and if LD_LIBRARY_PATH is in the environment, it will be honored...

Saying ``delete any environment variable that begins with LD_'' is exactly the wrong approach. Rather, you should wipe out the environment, and only create what you know you need. You don't *know* what else is dangerous, either today or 5 years from today, when your vendor has released the next ``enhancement''.
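The allowlist approach recommended in the message above, as an added example that is not code from the thread: a privileged wrapper builds a fresh environment and passes only that to `execve`. The fixed `PATH` value, the choice of `TERM` and `TZ` as the only inherited variables, and the 64-byte value bound are assumptions made for illustration.

```c
/* Added example: rebuild the environment from an allowlist before exec. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SAFE_PATH "PATH=/usr/bin:/bin"   /* assumed trusted search path */
#define MAX_ENV 8

/* Only these names are copied from the caller; everything else is dropped. */
static const char *const allow[] = { "TERM", "TZ", NULL };

/* Return 1 if entry is "NAME=value" for an allowlisted NAME and a short value. */
static int allowed(const char *entry)
{
    for (size_t i = 0; allow[i]; i++) {
        size_t n = strlen(allow[i]);
        if (strncmp(entry, allow[i], n) == 0 && entry[n] == '=')
            return strlen(entry + n + 1) < 64;   /* bound the value length */
    }
    return 0;   /* unknown name: LD_*, IFS, TERMCAP, future additions, ... */
}

/* Fill out[] (capacity cap, NULL-terminated) and return the entry count. */
size_t build_clean_env(char *const src[], char *out[], size_t cap)
{
    size_t k = 0;
    if (cap < 2) { if (cap) out[0] = NULL; return 0; }
    out[k++] = (char *)SAFE_PATH;        /* never inherit the caller's PATH */
    for (size_t i = 0; src && src[i] && k < cap - 1; i++)
        if (allowed(src[i]))
            out[k++] = src[i];
    out[k] = NULL;
    return k;
}

int main(int argc, char *argv[])
{
    extern char **environ;
    char *clean[MAX_ENV];
    build_clean_env(environ, clean, MAX_ENV);
    if (argc > 1) {                      /* usage: ./cleanexec /path/to/prog [args] */
        execve(argv[1], argv + 1, clean);
        perror("execve");
        return 127;
    }
    for (size_t i = 0; clean[i]; i++)    /* no target given: show the result */
        puts(clean[i]);
    return 0;
}
```

Because the child receives only what `build_clean_env` constructed, a variable the wrapper has never heard of is dropped without any rule having to name it.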