Date: Tue, 24 Oct 1995 05:56:34 +0300 (MSK) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> To: Nate Williams <nate@rocky.sri.MT.net> Cc: ache@freefall.freebsd.org, David Greenman <davidg@freebsd.org>, freebsd-hackers@freebsd.org Subject: Re: ld.so, LD_NOSTD_PATH, and suid/sgid programs Message-ID: <PaYN5Zm4G1@ache.dialup.demos.ru> In-Reply-To: <199510240233.UAA24556@rocky.sri.MT.net>; from Nate Williams at Mon, 23 Oct 1995 20:33:33 -0600 References: <m0t7SFB-000078C@seattle.polstra.com> <Aagc1ZmOzJ@ache.dialup.demos.ru> <199510232318.RAA24039@rocky.sri.MT.net> <Faij2Zmq8S@ache.dialup.demos.ru> <199510240010.SAA24195@rocky.sri.MT.net> <Cax53Zm0GT@ache.dialup.demos.ru> <199510240233.UAA24556@rocky.sri.MT.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199510240233.UAA24556@rocky.sri.MT.net> Nate Williams
writes:
>[ Disabling LD_NOSTD_PATH for suid/guid programs ]
>> >> If user set LD_NOSTD_PATH it *NOT* look for normal places anymore.
>>
>> >Then a system shared binary is *completely* and *utterly* useless.
>>
>> Do you mean our /usr/bin/su useless f.e.?
>> Or maybe /usr/sbin/sendmail?
>If you unset LD_NOSTD_PATH with these programs they will fail, since
>they will not be able to find their shlibs. There are *NO* known
>security risk by leaving the standard library path set in these
>programs.
I mean SET this variable and not UNSET. It is UNSET by default.
>> All shell scripts writted prior LD_NOSTD_PATH or writted not
>> in FreeBSD (f.e. SysV scriprs) deserve not only error messages
>> they get but unpredicatable code flow after it.
>Huh?
What huh?
>You can't provide me an example where unsetting LD_NOSTD_PATH is needed,
>so I would say that the burden of proof is on you.
unsetting -> setting.
I already post it to hackers list, check your mail system, maybe something
lost. Here it is again anyway:
In message <Dau-3ZmiH1@ache.dialup.demos.ru>
=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= writes:
>Well, simple example:
> setuid_shared_binary > /tmp/file
> ... (f.e. few static commands)
> setuid_static_binary < /tmp/file # OOPS!
> (umask is restrictive, of course)
When LD_NOSTD_PATH is set (when it will works, of course),
first binary fails leaving an empty file and second binary
got empty input when it isn't suppose it.
I assume script was unbreakable, of course, i.e. all signals
was disabled. Now it becomes breakable.
Basically it means that intruder gains ability to selectively
control execution flow.
--
Andrey A. Chernov : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?PaYN5Zm4G1>