Date:      Tue, 24 Oct 1995 04:15:04 +0300 (MSK)
From:      Андрей Чернов (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
To:        "Justin T. Gibbs" <gibbs@freefall.freebsd.org>, Terry Lambert <terry@lambert.org>
Cc:        ache@freefall.freebsd.org, freebsd-hackers@FreeBSD.ORG, jdp@polstra.com
Subject:   Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Message-ID:  <BaOu3ZmmC0@ache.dialup.demos.ru>
In-Reply-To: <199510240033.RAA12297@phaeton.artisoft.com>; from Terry Lambert at Mon, 23 Oct 1995 17:33:20 -0700 (MST)
References:  <199510240033.RAA12297@phaeton.artisoft.com>

In message <199510240033.RAA12297@phaeton.artisoft.com> Terry Lambert
    writes:

>> >>But anyone who sets LD_NOSTD_PATH will not be able to run *anything*
>> >>shared unless they have a sane LD_LIBRARY_PATH.  This is not a
>> >>shell script only problem and I don't think the change is appropriate.
>> >
>> >Well, we have a lot of static utils, i.e. the whole /bin, /sbin and
>> >a few from other places. They still work in this situation.
>> >Moreover, current shared shell works too, it is already in memory.
>> 
>> Bogus argument in my opinion.  The people who are going to use
>> LD_NOSTD_PATH will know its effects.  If you still want to argue
>> about this, fine, but I'd like to put this issue to a vote.

>Sun can use LD_NOSTD_PATH because all it does is turn off the search
>path from ldconfig.

>When you compile a binary with a shared lib on SunOS, it remembers the
>path of the library it actually linked with.

>I thought FreeBSD did this as well?

>The point is to prevent a hack of ldconfig or the database from being
>a security problem (even if it's just a Trojan used for the hack).

>If FreeBSD "does the right thing" when the library path searching is
>disabled (ie: "knows" the path used on the link), then LD_NOSTD_PATH
>is a valid change.  Otherwise, it is not.

Yes, Terry, I agree with you. FreeBSD does NOT do the right thing here,
i.e. it does not remember the path actually linked with; it relies
on ld.so.hints only, so my change is valid.


And the most interesting thing is that LD_NOSTD_PATH does not work at all yet.
You can check it by setting LD_NOSTD_PATH; nothing happens then.
I.e. you can still run all shared binaries with the STD path. :-)
I assume that it will be implemented properly in the future.


-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BaOu3ZmmC0>