At 17:18 03/11/1995 -0500, Fred Blonder wrote: > From: Bernd Lehle <Bernd.Lehle@RUS.Uni-Stuttgart.DE> > > after all the fuzz about the telnet/shared lib stuff somebody > here came up with something that might be even more > interesting: > > What woul hapen in the following case: > > . > > This game could be played with any suid program, where You know > what routines it calls. > > Or am I missing something ? > >You're missing something. > >The dynamic linker won't pay attention to the LD_-whatever environment >variables if a program is set-uid: (real and effective UIDs different). > >This is a problem with /bin/login only because it runs as "root" >withOUT being set-uid; real and effective UIDs are the same. > Testing if (EUID != UID) before using env variables for dynamic linking is obviously a good point. But what about testing if EUID or UID equal to zero as well ? Indeed, there are few situations where you want root to run a program with custom library path : root has to be sure about the code it executes. Root trusting "foreign" libraries isn't certainly a good thing, even if on some systems, standard dynamic libraries belongs to "bin" in vendor's configuration ;-) At least, this will prevent us of taking care about trojaned library path is root env... Gillus