SunOS and shared libraries, security aspects

Guy Harris guy at auspex.auspex.com
Thu Sep 13 04:35:07 AEST 1990


>Yes. A kludge is a kludge, and should be avoided at all costs. What we
>really need is an option to ldconfig that allows the system administrator
>to specify path components in LD_LIBRARY_PATH that will be honoured by
>setuid programs.

Yes, some mechanism such as that - which might *also* want to, e.g.,
allow the system administrator to specify path components in boring old
PATH that set-UID programs can trust - might be nice.

It would, however, *NOT* affect the problem Jyrki is discussing!  The
problem there isn't with setUID programs, it's with programs that

	1) let you run e.g. some user's login shell, under their UID,
	   even if that user's account has no password (in which case
	   it won't ask you for a password),

and

	2) pass LD_LIBRARY_PATH (or any of various other environment
	   variables, although the others can generally be reamed out
	   of the environment very early on in "main()", while
	   LD_LIBRARY_PATH is used before "main()" is even called)
	   through unmolested when running said login shells.
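
As an added illustration (not part of the original post, and not code from SunOS or from any program discussed in the thread): one way a program that starts another user's login shell could build that shell's environment from an allowlist, so that LD_LIBRARY_PATH never reaches the run-time linker. The function names, the allowlist contents and the sample environment are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist; the caller sets PATH, HOME etc. itself afterwards. */
static const char *const keep[] = { "TERM", "TZ", NULL };

/* Constructed sample of an environment supplied by the invoking user. */
static char *sample_env[] = {
    "LD_LIBRARY_PATH=/untrusted/dir", "TERM=vt100",
    "PATH=/untrusted/dir:/bin", "TERMCAP=constructed", NULL
};

/* True if "NAME=value" names an allowlisted variable (exact name match). */
static int allowed(const char *entry)
{
    size_t n = strcspn(entry, "="), i;
    if (n == 0 || entry[n] != '=')
        return 0;                       /* malformed entry: drop it */
    for (i = 0; keep[i] != NULL; i++)
        if (strlen(keep[i]) == n && strncmp(entry, keep[i], n) == 0)
            return 1;
    return 0;
}

/* Build the environment to pass to execve() for the login shell. It must be
 * done before the exec: LD_LIBRARY_PATH is used before the shell's main(). */
char **scrub_env(char *const envp[])
{
    size_t count = 0, out = 0, i;
    char **clean;
    while (envp[count] != NULL)
        count++;
    if ((clean = malloc((count + 1) * sizeof *clean)) == NULL)
        return NULL;
    for (i = 0; i < count; i++)
        if (allowed(envp[i]))
            clean[out++] = envp[i];     /* shares the caller's strings */
    clean[out] = NULL;
    return clean;
}

int main(void)
{
    char **env = scrub_env(sample_env), **p;
    for (p = env; p != NULL && *p != NULL; p++)
        puts(*p);                       /* prints TERM=vt100 */
    free(env);
    return 0;
}
```

Only the pointer array is allocated, so the caller frees the returned array and not the strings in it.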


