"In the previous message, Rens Troost said..." > > > >>>>> "hoodr" == hoodr <hoodr@hoodr.slip.netcom.com> writes: > >> Second question: How can I write a program that keeps the > >> LD_LIBRARY_PATH variable from being exploited? i.e. the SUN > >> 'login' bug where LD_LIBRARY_PATH got exploited. I would ASSUME I > >> could prevent this by doing something like: > >> putenv("LD_LIBRARY_PATH"), but that just seems too simple to be a > >> true fix. (If it's not complex, it's not right? :) Its a good idea to write a routine to scrub *ALL* LD_* environment varibles first thing in any SUID program. ESPECIALLY any that exec's another program with any kind of privilege. One of the few things of use from CERT is an advisory that has a sample function to do this. Its done in such a way that added ones are still scrubbed (it tests only for 'LD_' and if the first 3 chars match that, the variable is scrubbed by moving the next one up into its place, and likewise thru the array, and putting a null pointer in the vacated last position. I don't recall the advisory number, its one discussing login, and su. -- pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.