From: Андрей Чернов (aka Andrey A. Chernov, Black Mage)
To: "Justin T. Gibbs", Terry Lambert
Cc: ache@freefall.freebsd.org, freebsd-hackers@FreeBSD.ORG, jdp@polstra.com
Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs
Date: Tue, 24 Oct 1995 04:15:04 +0300 (MSK)
Organization: Olahm Ha-Yetzirah
In-Reply-To: <199510240033.RAA12297@phaeton.artisoft.com>; from Terry Lambert at Mon, 23 Oct 1995 17:33:20 -0700 (MST)

In message <199510240033.RAA12297@phaeton.artisoft.com> Terry Lambert writes:

>> >>But anyone who sets LD_NOSTD_PATH will not be able to run *anything*
>> >>shared unless they have a sane LD_LIBRARY_PATH. This is not a
>> >>shell script only problem and I don't think the change is appropriate.
>> >
>> >Well, we have a lot of static utils, i.e. whole /bin, /sbin and
>> >few from other places. They still work in this situation.
>> >Moreover, current shared shell works too, it is already in memory.
>>
>> Bogus argument in my opinion. The people who are going to use
>> LD_NOSTD_PATH will know its effects. If you still want to argue
>> about this, fine, but I'd like to put this issue to a vote.

>Sun can use LD_NOSTD_PATH because all it does is turn off the search
>path from ldconfig.

>When you compile a binary with a shared lib on SunOS, it remembers the
>path of the library it actually linked with.

>I thought FreeBSD did this as well?

>The point is to prevent a hack of ldconfig or the database from being
>a security problem (even if it's just a Trojan used for the hack).

>If FreeBSD "does the right thing" when the library path searching is
>disabled (ie: "knows" the path used on the link), then LD_NOSTD_PATH
>is a valid change. Otherwise, it is not.

Yes, Terry, I agree with you. FreeBSD does NOT do the right thing here,
i.e. it does not remember the path it actually linked with; it relies on
ld.so.hints only, so my change is valid.

And the most interesting thing is that LD_NOSTD_PATH does not work at all
yet. You can check it by setting LD_NOSTD_PATH; nothing happens then.
I.e. you can still run all shared binaries with the STD path. :-)
I assume that it will be implemented properly in the future.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849