Re: Bug#98467: ld.so not ignoring LD_PRELOAD on setuid binaries?
> > Well, with the old ld.so from David Engel (libc5), it was possible
> > to add the directories to /etc/ld.so.conf, and not use LD_LIBRARY_PATH.
> > If that works for the new one too, then builds that clobber
> > LD_LIBRARY_PATH would still be possible to support.
>
> Of course it still works. The problem is that libraries in these
> directories are considered "secure", and libfakeroot being considered
> "secure" is a bad thing. This is the whole reason it is in a
> subdirectory to begin with.
...better try before you say `of course'...
I just (again) tried, and even if I switch on the +s bits, and put
libfakeroot.so* in /usr/X11R6/lib/neXtaw (mentioned in my /etc/ld.so.conf,
and in ldconfig -v), then still ld-2.2.3.so refuses to load `su'
(if LD_PRELOAD is set to libfakeroot.so.0, and LD_LIBRARY_PATH is unset).
I actually have to move the setuid libfakeroot.so* to /lib, before
ld.so accepts loading `su'.
This, BTW, leaves out the argument of `secure' libraries in /etc/ld.so.conf.
Those libraries are _not_ considered secure by me -- they don't contain
malicious code, but the code in most of those libraries wasn't written with
setuid binaries in mind, and it shouldn't be assumed that any library in
a path mentioned in /etc/ld.so.conf can be loaded by a setuid binary,
if the local user so wishes.
--
joostje