Re: Bug#98467: ld.so not ignoring LD_PRELOAD on seduid binaries?
On Wed, May 23, 2001 at 08:37:51PM +0200, joost witteveen wrote:
> Je 2001/05/23(3)/12:05, Ben Collins montris sian geniecon skribante:
> > On Wed, May 23, 2001 at 05:33:44PM +0200, Richard Braakman wrote:
> > > On Wed, May 23, 2001 at 09:50:17AM -0400, Brian Ristuccia wrote:
> > > > With regard to bug #98467: Has the value of LD_PRELOAD set by the fakeroot
> > > > shell script changed between the current version and past versions of
> > > > fakeroot, and if so, is this the reason why setuid programs now fail to
> > > > execute at all? Is there any compelling reason why the value of LD_PRELOAD
> > > > set by fakeroot couldn't be reverted to the one containing a '/'?
> > >
> > > I remember this... it was to fix a problem on sparc, where two different
> > > libfakeroots were needed (one for sparc32 and one for sparc64). Having
> > > the full path in the LD_PRELOAD string prevented the dynamic loader from
> > > being smart about which one to load.
> >
> > Right. So fakeroot set LD_LIBRARY_PATH to the directories. Of course
> > this fails when builds clobber LD_LIBRARY_PATH.
>
> Well, with the old ld.so from David Engel (libc5), it was possible
> to add the directories to /etc/ld.so.conf, and not use LD_LIBRARY_PATH.
> If that works for the new one too, then builds that clobber
> LD_LIBRARY_PATH would still be possible to support.
Of course it still works. The problem is that libraries in these
directories are considered "secure", and libfakeroot being considered
"secure" is a bad thing. This is the whole reason it is in a
subdirectory to begin with.
Ben
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: