Re: Some ideas and concerns regarding fakeroot
Christoph Lameter wrote:
> The fakeroot package simulates virtual permissions and might be able to
> simulate virtual files such as an /etc/passwd file. It would be a big
> security hole if someone could develope a library that can be preloaded
> with LD_PRELOAD which results in the ability to tamper with the contents
> of /etc/passwd by redirecting it somewhere else. Fakeroot seems to show to
> me that this is possible. The LD_PRELOAD function should be somehow
> safeguarded. I do not want any of the users on my system to have that
> Simple hack with such a preloaded library: Substitute a known password for
> root in /etc/passwd and run su. Type the password and you are superuser.
Why do you think this could possibly be done? Suid programs ignore
LD_PRELOAD, won't that prevent this?
see shy jo
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .