Michael Neuman <mcn@c3serve.c3.lanl.gov> wrote:
>
> > c) delete any environment variable that begins with LD_
>
> Most people have said this for obvious reasons, but the ld manpage says
> that it will not search anything (for suid binaries) other than the trusted
> paths for dynamically linked libraries even if LD_LIBRARY_PATH is set. Is
> this statement false? Is there a way around it? Is LD_PRELOAD_PATH documented
> anywhere? :-)

The problem is when that suid program calls any other program, keeping
privileges, the LD_* variables _are_ used. ld.so will ignore LD_* if
the effective uid is not equal to the real uid.

rik.
--
Rik Harris - rik.harris@vifp.monash.edu.au       || Systems Programmer
+61 3 560-3265 (AH)  +61 3 565-3227 (BH)         || and Administrator
Fac. of Computing & Info.Tech., Monash Uni, Australia || Vic. Institute of
http://www.vifp.monash.edu.au/people/rik.htm     || Forensic Pathology
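The scrubbing step discussed in this message ("delete any environment variable that begins with LD_"), as an added example that is not part of the original post: a privileged program compacts its environment vector before it executes a helper, so the helper never inherits LD_* entries. The names `scrub_ld_env` and `exec_helper_scrubbed` are hypothetical, and the sample environment in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Remove, in place, every "NAME=value" entry whose name begins with "LD_"
 * from a NULL-terminated environment vector. Returns the number removed.
 * Compacting the array (instead of calling unsetenv() per name) also drops
 * duplicate entries for the same name and needs no list of known names. */
int scrub_ld_env(char **envp)
{
    int removed = 0;
    char **dst = envp;

    if (envp == NULL)
        return 0;
    for (char **src = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;          /* skip: not copied forward */
        else
            *dst++ = *src;      /* keep: slide down over removed slots */
    }
    *dst = NULL;                /* re-terminate the shortened vector */
    return removed;
}

/* Hypothetical wrapper: scrub the process environment, then exec a helper
 * with whatever privileges the caller still holds. */
int exec_helper_scrubbed(const char *path, char *const argv[])
{
    scrub_ld_env(environ);
    execve(path, argv, environ);
    return -1;                  /* execve() returns only on failure */
}

int main(void)
{
    /* Constructed sample environment, including a duplicated name. */
    char *sample[] = { "PATH=/bin:/usr/bin", "LD_LIBRARY_PATH=/tmp/x",
                       "HOME=/root", "LD_PRELOAD=/tmp/y.so",
                       "LD_LIBRARY_PATH=/tmp/z", NULL };

    printf("removed %d entries\n", scrub_ld_env(sample));
    for (char **e = sample; *e != NULL; e++)
        printf("kept: %s\n", *e);
    return 0;
}
```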