On Sun, 3 Nov 2002, Miguel Mendez wrote:

> > 2) Security. Can LD_LIBRARY_PATH (or other mechanisms)
> > be used to deliberately subvert any of these programs?
> > (especially the handful of suid/sgid programs here)
> ..
>
> I can't come up right now with an idea of how exploiting LD_LIBRARY_PATH
> could be useful with any of these, but the possibility exists. OTOH, the
> recently added privilege elevation feature should make it possible to
> have *no* setuid programs on a system, and have the kernel elevate
> privileges for certain syscalls, based on the policy created by
> systrace.

LD_LIBRARY_PATH is disabled for setuid binaries -- the kernel sets the
P_ISSETUGID flag, which is exported to userspace by issetugid(), which is
in turn checked by the rtld, which will refuse to observe that
environmental variable (and a number of others) as a result. We have
plenty of dynamically linked setuid binaries in the system already, and
it's not a problem.

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
[EMAIL PROTECTED] Network Associates Laboratories
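
The check described in the reply above, applied to an environment vector that a set-id program might hand on to a child process. This is an added example, not code from the thread or from FreeBSD's rtld. The "LD_" prefix rule, the helper names, the sample environment and the Linux getauxval(AT_SECURE) fallback are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE): Linux analogue, assumed here */
#endif

/* Non-zero when the kernel has marked this process as set-id tainted. */
static int process_is_tainted(void)
{
#if defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#else
    return issetugid();          /* userspace view of P_ISSETUGID */
#endif
}

/* When tainted is non-zero, drop every "LD_*" entry from a NULL-terminated
 * environment vector in place. Returns the number of entries removed.
 * Matching on the "LD_" prefix is a simplification, not rtld's own list. */
static int scrub_loader_env(char **envp, int tainted)
{
    int removed = 0;
    char **out = envp;

    if (!tainted)
        return 0;
    for (char **in = envp; *in != NULL; in++) {
        if (strncmp(*in, "LD_", 3) == 0)
            removed++;           /* skip loader-controlling variable */
        else
            *out++ = *in;        /* keep everything else, order preserved */
    }
    *out = NULL;
    return removed;
}

/* Constructed sample environment, not taken from the thread. */
static char *sample_env[] = {
    "PATH=/bin:/usr/bin", "LD_LIBRARY_PATH=/tmp/lib", "HOME=/root",
    "LD_PRELOAD=/tmp/x.so", NULL
};

int main(void)
{
    printf("tainted=%d\n", process_is_tainted());
    printf("removed=%d\n", scrub_loader_env(sample_env, 1));
    for (char **e = sample_env; *e != NULL; e++)
        puts(*e);
    return 0;
}
```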