
Re: Bug#98467: ld.so not ignoring LD_PRELOAD on setuid binaries?



On Wed, May 23, 2001 at 08:57:30PM +0200, joost witteveen wrote:
> > > Well, with the old ld.so from David Engel (libc5), it was possible
> > > to add the directories to /etc/ld.so.conf, and not use LD_LIBRARY_PATH.
> > > If that works for the new one too, then builds that clobber
> > > LD_LIBRARY_PATH would still be possible to support.
> > 
> > Of course it still works. The problem is that libraries in these
> > directories are considered "secure", and libfakeroot being considered
> > "secure" is a bad thing. This is the whole reason it is in a
> > subdirectory to begin with.
> 
> ...better try before you say `of course'...
> 
> I just (again) tried, and even if I switch on the +s bits, and put
> libfakeroot.so* in /usr/X11R6/lib/neXtaw (mentioned in my /etc/ld.so.conf,
> and in ldconfig -v), then still ld-2.2.3.so refuses to load `su'
> (if LD_PRELOAD is set to libfakeroot.so.0, and LD_LIBRARY_PATH is unset).
> 
> I actually have to move the setuid libfakeroot.so* to /lib, before
> ld.so accepts loading `su'.
> 
> 
> This, BTW, leaves out the argument of `secure' libraries in /etc/ld.so.conf.
> Those libraries are _not_ considered secure by me -- they don't contain
> malicious code, but the code in most of those libraries wasn't written with
> setuid binaries in mind, and it shouldn't be assumed that any library in
> a path mentioned in /etc/ld.so.conf can be loaded by a setuid binary,
> if the local user so wishes.

I did not say anything about setuid, I said that /etc/ld.so.conf works,
in general. That was during the discussion of fakeroot.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'


