Date: Wed, 24 Nov 2010 02:04:34 GMT
From: arundel@FreeBSD.org
To: lee@nerds.org.uk, arundel@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: misc/41179: [request] LD_LIBRARY_PATH security checks
Message-ID: <201011240204.oAO24Y7j019096@freefall.freebsd.org>

Synopsis: [request] LD_LIBRARY_PATH security checks

State-Changed-From-To: suspended->closed
State-Changed-By: arundel
State-Changed-When: Wed Nov 24 01:47:22 UTC 2010
State-Changed-Why:
The situation described in this PR *only* applies to the root user. The
purpose of running any commands as uid=0 is to have no security checks in
place. If a regular user uses su(1) to gain root privileges, he should be
aware that all his environmental settings (unless su(1) was invoked with the
-l switch) will *not* be discarded.

The idea of adding security checks to LD_LIBRARY_PATH similar to those in
ldconfig(8) was definitely a good idea, but since it never caught on I'll
close this. Also, even OpenBSD - famous for its security awareness - doesn't
seem to have incorporated this or a similar concept.

http://www.freebsd.org/cgi/query-pr.cgi?pr=41179
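
Since the check never went into the runtime linker, an administrator who keeps their environment across su(1) can vet LD_LIBRARY_PATH themselves. The script below is an added example, not part of the original message or of FreeBSD: it applies the rule documented in ldconfig(8) (skip directories that are group- or world-writable or not owned by root) to each entry. The function names `check_libdir` and `audit_ld_library_path` and the rejection of non-absolute entries are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not FreeBSD code: vet LD_LIBRARY_PATH entries before use.
# Usage (hypothetical): audit_ld_library_path "$LD_LIBRARY_PATH"

# check_libdir DIR [OWNER_UID]
# Prints a verdict and returns 0 only if DIR is an absolute path to a
# directory owned by OWNER_UID (default 0) with no group/world write bit.
check_libdir() {
    cl_dir=$1
    cl_uid=${2:-0}
    case $cl_dir in
        /*) ;;
        *) echo "REJECT '$cl_dir': not an absolute path"; return 1 ;;
    esac
    [ -d "$cl_dir" ] || { echo "REJECT $cl_dir: not a directory"; return 1; }
    # ls -ldnL: mode string is field 1, numeric owner is field 3;
    # -L follows a symlink so the target directory is what gets judged.
    cl_meta=$(ls -ldnL -- "$cl_dir" | awk '{print $1 " " $3}')
    cl_mode=${cl_meta% *}
    cl_owner=${cl_meta#* }
    if [ "$cl_owner" != "$cl_uid" ]; then
        echo "REJECT $cl_dir: owned by uid $cl_owner, expected $cl_uid"
        return 1
    fi
    case $cl_mode in
        ?????w*)    echo "REJECT $cl_dir: group-writable ($cl_mode)"; return 1 ;;
        ????????w*) echo "REJECT $cl_dir: world-writable ($cl_mode)"; return 1 ;;
    esac
    echo "OK $cl_dir"
}

# audit_ld_library_path LIST [OWNER_UID]
# Checks every colon-separated entry; returns 1 if any entry is rejected.
audit_ld_library_path() {
    al_uid=${2:-0}
    al_bad=0
    al_ifs=$IFS
    set -f; IFS=:          # split on ':' only, with globbing disabled
    set -- $1
    IFS=$al_ifs; set +f
    for al_entry in "$@"; do
        check_libdir "$al_entry" "$al_uid" || al_bad=1
    done
    return "$al_bad"
}
```

The optional second argument exists only so the check can be exercised as a non-root user; leave it out to require root ownership.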