Re: /dev/tcp, and a LD_LIBRARY_PATH question.

Pat Myrto (rwing!pat@ole.cdac.com)
Wed, 7 Dec 94 4:40:33 PST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael S. Hines: "AOL Provided Programs"
Previous message: der Mouse: "Re: Got this - not sure of authenticity. Better safe etc..."
In reply to: James R. Ault: "Re: /dev/tcp, and a LD_LIBRARY_PATH question."

"In the previous message, James R. Ault said..."
> 
> 
> > Its a good idea to write a routine to scrub *ALL* LD_* environment
> > varibles first thing in any SUID program.  ESPECIALLY any that
> > exec's another program with any kind of privilege.
> 
> The LD_* variables don't affect statically linked binaries, do they?

No, but the program the SUID program in turn execs may *not* be statically
linked.  I would put the scrubbing code in, on general principles, since
it is small, and because the problem is in the programs the SUID process
exec's, not in the SUID program itself (assuming the OS is operating
properly).


-- 
pat@rwing  [If all fails, try:  rwing!pat@eskimo.com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.

Next message: Michael S. Hines: "AOL Provided Programs"
Previous message: der Mouse: "Re: Got this - not sure of authenticity. Better safe etc..."
In reply to: James R. Ault: "Re: /dev/tcp, and a LD_LIBRARY_PATH question."