Date: Mon, 23 Oct 95 18:05 PDT From: jdp@polstra.com (John Polstra) To: ache@freefall.freebsd.org Cc: freebsd-hackers@freebsd.org, gibbs@freefall.freebsd.org Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs Message-ID: <m0t7Xo8-000078C@seattle.polstra.com>
next in thread | raw e-mail | index | archive | help
> >Bogus argument in my opinion. The people who are going to use > >LD_NOSTD_PATH will know its effects. If you still want to argue > >about this, fine, but I'd like to put this issue to a vote. > > Yes, it can be used by intruder for hackers purposes, if he examine > previously what script does. I don't think it can be used for hacking purposes. All it can possibly do is make a command fail to execute at all. Any shell script would have to be pretty silly to permit that to result in a security breach. If you're going to worry about LD_NOSTD_PATH in ld.so, then why not also have it reset PATH, IFS, DISPLAY, and many other environment variables? (I am *not* recommending that!). > Ok with me, lets put this issue to a vote. Who gets to vote? John Polstra jdp@polstra.com Polstra & Co., Inc. Seattle, Washington USA "Self-knowledge is always bad news." -- John Barth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0t7Xo8-000078C>