Date: Mon, 23 Oct 1995 17:33:20 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: gibbs@freefall.freebsd.org (Justin T. Gibbs)
Cc: ache@astral.msk.su, gibbs@freefall.freebsd.org, ache@freefall.freebsd.org, freebsd-hackers@FreeBSD.ORG, jdp@polstra.com
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Message-ID: <199510240033.RAA12297@phaeton.artisoft.com>
In-Reply-To: <199510240031.RAA21409@aslan.cdrom.com> from "Justin T. Gibbs" at Oct 23, 95 05:31:23 pm
> >>But anyone who sets LD_NOSTD_PATH will not be able to run *anything*
> >>shared unless they have a sane LD_LIBRARY_PATH. This is not a
> >>shell script only problem and I don't think the change is appropriate.
> >
> >Well, we have a lot of static utils, i.e. whole /bin, /sbin and
> >a few from other places. They still work in this situation.
> >Moreover, current shared shell works too, it is already in memory.
>
> Bogus argument in my opinion. The people who are going to use
> LD_NOSTD_PATH will know its effects. If you still want to argue
> about this, fine, but I'd like to put this issue to a vote.

Sun can use LD_NOSTD_PATH because all it does is turn off the search
path from ldconfig. When you compile a binary with a shared lib on
SunOS, it remembers the path of the library it actually linked with.
I thought FreeBSD did this as well?

The point is to prevent a hack of ldconfig or the database from being
a security problem (even if it's just a Trojan used for the hack).

If FreeBSD "does the right thing" when the library path searching is
disabled (ie: "knows" the path used on the link), then LD_NOSTD_PATH
is a valid change. Otherwise, it is not.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.