Re: LD_ hole (was Re: IFS hole?)

Howie Kaye (howie@ivory.cc.columbia.edu)
Wed, 15 Dec 93 19:17:26 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mark Graff: "Sun Security Bulletin #124 (Was Re: IFS hole?)"
Previous message: Yonathan: "Re: IFS hole?"
Maybe in reply to: Michael Neuman: "LD_ hole (was Re: IFS hole?)"
Next in thread: Justin Mason: "The LD_* vars (was Re: LD_ hole)"

This depends on the real uid being different from the effective uid.  If
your program does something like "setuid(geteuid())", then you lose this
protection.  If you then run another program, it will be running as root,
and won't look like a suid'ed program, just something running as root.  It
will then look at the LD_LIBRARY_PATH.

 -----------------------------Howie Kaye				howie@columbia.edu
Columbia University			hlkcu@cuvma.bitnet
AcIS UNIX Systems Group			...!rutgers!columbia!howie

Next message: Mark Graff: "Sun Security Bulletin #124 (Was Re: IFS hole?)"
Previous message: Yonathan: "Re: IFS hole?"
Maybe in reply to: Michael Neuman: "LD_ hole (was Re: IFS hole?)"
Next in thread: Justin Mason: "The LD_* vars (was Re: LD_ hole)"