On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
> In that situation, and perhaps in others, it would be nice if the
> administrator could configure a trusted environment for setUID
> binaries. We would need a way to feed a colon-separated list of
> environment variables (example:
> LD_PRELOAD=/usr/lib/libpthread.so:FOO=bar). I see two ways of dealing
> with it:
> 1) lookup in /etc/suenv.d/$progname (probably libc based)
> 2) use sysctl security.suenv.$progname (kernel based)
>
> I like the second one, which is simple to implement and cannot be messed
> up with incorrect file permissions. I would fix my problem like this:
> sysctl -w security.suenv.su=LD_PRELOAD=/usr/lib/libpthread.so
> sysctl -w security.suenv.login=LD_PRELOAD=/usr/lib/libpthread.so
>
> Opinions?

gods please no.

--
David A. Holland
[email protected]
