SunOS and shared libraries, security aspects
eric.a.olson
junk1 at cbnews.att.com
Thu Aug 30 13:40:31 AEST 1990
In article <1990Aug29.033933.10062 at santra.uucp> jkp at cs.HUT.FI (Jyrki Kuoppala) writes:
>[ I'll also send this to security-alert at sun.com ]
>
>In article <1990Aug27.171211.16272 at maverick.ksu.ksu.edu>, terry at eece (Terry Hull) writes:
>>Hmmm. If my memory serves me correctly, executables that are suid
>>root and linked with shared libraries, must have those libraries in
>>/usr/lib or /lib. Could it be these executables are trying to find
>>shared libraries in /usr/local/lib?
>
>The shared library path environment variable is not taken into account
>if uid != euid. This restriction exists to reduce the possiblity of
>trojan horse-style shared libraries owned by the user and executed in
>a privileged state.
>
>It seems, however, that Sun has again hacked together and included in ....
Hold on... I thought I had been keeping up-to-date...
but I've never heard of a shared library path environment
variable! I can understand the reason for such a thing...
Can someone please point me to the appropriate mpage for more
info? Or is this inappropriate for 386 AT&T 3.2.2?
More information about the Comp.unix.wizards
mailing list