Date: Mon, 23 Oct 1995 18:10:45 -0600 From: Nate Williams <nate@rocky.sri.MT.net> To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> Cc: Nate Williams <nate@rocky.sri.MT.net>, ache@freefall.freebsd.org, freebsd-hackers@freebsd.org, John Polstra <jdp@polstra.com> Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs Message-ID: <199510240010.SAA24195@rocky.sri.MT.net> In-Reply-To: <Faij2Zmq8S@ache.dialup.demos.ru> References: <m0t7SFB-000078C@seattle.polstra.com> <Aagc1ZmOzJ@ache.dialup.demos.ru> <199510232318.RAA24039@rocky.sri.MT.net> <Faij2Zmq8S@ache.dialup.demos.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> >> >Can you see a security reason for disabling LD_NOSTD_PATH for suid/sgid > >> >programs? If not, I think that the recent change should be removed from > >> >rtld.c. > >> > >> In this case I keep in mind some shell script execution which calls > >> setuid programs. By setiing LD_NOSTD_PATH user allows such > >> programs easily fails, it is clear. > > >Why should a program which calls setuid programs fail in the first > >place? If they are calling a setuid program it will still only look in > >the 'normal' places for shlibs, which means they are safe. > > If user set LD_NOSTD_PATH it *NOT* look for normal places anymore. Then a system shared binary is *completely* and *utterly* useless. Anyone who writes programs that writes shells scripts that depend on system routines working with LD_NOSTD_PATH should deserve the error messages they get. Why are we un-necessarily complicating the runtime loader with this? Given this, I say the change is gratitious and un-needed. Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510240010.SAA24195>