In message: <[EMAIL PROTECTED]>
Tim Kientzle <[EMAIL PROTECTED]> writes:
: Several people have pointed out that FreeBSD has
: certain protections against LD_LIBRARY_PATH exploits,
: but there are still real questions here. (Kernel
: races, possibly?) Privilege elevation is an
: interesting idea, but tricky to audit.
There are no known issues in this area, and haven't been for a couple
of years now. While this isn't proof, it is a compelling argument.
This isn't a real question, to be honest. We've had dynamically
linked setuid/setgid programs for years. The only issues have been in
the setuid/setgid code itself, not the dynamic linker. Bugs of this
nature haven't really been a problem.
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
