Date: Tue, 18 Nov 2003 20:07:25 -0800 From: David Schultz <das@FreeBSD.ORG> To: Scott Long <scottl@FreeBSD.ORG> Cc: "M. Warner Losh" <imp@bsdimp.com> Subject: Re: Unfortunate dynamic linking for everything Message-ID: <20031119040725.GB63031@VARK.homeunix.com> In-Reply-To: <20031118175434.A35215@pooker.samsco.home> References: <200311190021.hAJ0Lj5e000832@dyson.jdyson.com> <20031118175434.A35215@pooker.samsco.home>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 18, 2003, Scott Long wrote:
> > The additional hole of exploiting the system through the shared libs
> > is a negative tradeoff.
>
> Exploits in libraries happen though. The LD_LIBRARY_PATH attack is an old
> one that most Unixes are hopefully hardened against.
FreeBSD had a lingering LD_LIBRARY_PATH-related vulnerability
until Sunday, actually[1]. ;-) But I don't mean to dispute your
point. Like most of the other arguments in this bikeshed, there
is nothing fundamental about the LD_LIBRARY_PATH problem---nothing
that can't be fixed easily.
[1] The bug is either that nologin(8) respected LD_LIBRARY_PATH or
that sshd(8) and login(1) allow environment poisoning, depending
on your point of view.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031119040725.GB63031>