From owner-freebsd-hackers  Tue Oct 21 09:07:07 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id JAA20871
          for hackers-outgoing; Tue, 21 Oct 1997 09:07:07 -0700 (PDT)
          (envelope-from owner-freebsd-hackers)
Received: from austin.polstra.com (austin.polstra.com [206.213.73.10])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA20855
          for <hackers@freebsd.org>; Tue, 21 Oct 1997 09:07:04 -0700 (PDT)
          (envelope-from jdp@austin.polstra.com)
Received: from austin.polstra.com (jdp@localhost)
	by austin.polstra.com (8.8.7/8.8.5) with ESMTP id JAA16013;
	Tue, 21 Oct 1997 09:06:49 -0700 (PDT)
Message-Id: <199710211606.JAA16013@austin.polstra.com>
To: dec@phoenix.its.rpi.edu
Subject: Re: FreeBSD authentication...
In-Reply-To: <Pine.BSF.3.96.971018102700.27956A-100000@phoenix.its.rpi.edu>
References: <Pine.BSF.3.96.971018102700.27956A-100000@phoenix.its.rpi.edu>
Organization: Polstra & Co., Seattle, WA
Cc: hackers@freebsd.org
Date: Tue, 21 Oct 1997 09:06:48 -0700
From: John Polstra <jdp@polstra.com>
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article <Pine.BSF.3.96.971018102700.27956A-100000@phoenix.its.rpi.edu>,
David E. Cross <dec@phoenix.its.rpi.edu> wrote:

> (Since they are implimented as shared libraries, that you link in as
> needed, would we need to rewrite ld.so a bit to ensure that people
> couldn't set their LD_LIBRARY_PATH, and then run su to get full root
> acces, sans password?)

The dynamic linker ignores LD_LIBRARY_PATH when running setuid or
setgid.

John
--
   John Polstra                                       jdp@polstra.com
   John D. Polstra & Co., Inc.                Seattle, Washington USA
   "Self-knowledge is always bad news."                 -- John Barth