Oystein Viggen <[EMAIL PROTECTED]> writes: > Niels M�ller wrote: > > > Execution of setuid or setgid binaries ignores LD_LIBRARY_PATH (and a > > bunch of other environment variables). Honoring the value of LD_LIBRARY_PATH > > would open huge security holes. > > Isn't it these kinds of things we should have /etc/ld.so.conf for? > (Now why don't we have that one, anyway?)
Don't know, but perhaps because shadowfs, whenever that is implemented, is expected to put all relevant libraries in /lib (but I'm not entirely sure how that will work, can different users have a different view of /lib? Without setting up their own /, of course). But for this particular case, xterm,, if there's any reason for it to be setuid or setguid, that's most likely a bug. I'm not sure why xterm was ever setuid/setgid, but I guess it's because of the pty-operations it needs to do, but I'm pretty sure glibc implements a reasonable set of pty-related functions so that applications don't need special privileges to use pty:s securely. Sorry for my ignorance, I suspect xterm has been discussed many times before, on the debian lists and other places. So if there are other reasons for it being setuid/setgid, please enlighten me. /Niels
