
suid binaries evaluate LD_PRELOAD?



Package: glibc
Version: different versions
Distribution: Debian woody, sid, other Non-Debian (SuSE, RH, Gentoo)
Unaffected: Debian potato (at least my installation)
Vulnerable: yes, local, privilege escalation

Reproducible: always

Behaviour: LD_PRELOAD gets evaluated:
caspar@marvin:~$ LD_PRELOAD=funny /bin/su
/bin/su: error while loading shared libraries: funny: cannot open shared
object file: No such file or directory
caspar@marvin:~$

Should be: no evaluation:
caspar@marvin:~$ LD_PRELOAD=funny /bin/su
Password:

Known problem: reported in 1998, also fixed in DSA-039-1, Mar 8, 2001

Reported to me by: Sascha Silbe
Initial bug report by Sascha Silbe:
http://bugs.gentoo.org/show_bug.cgi?id=24332


Please fix this bug.


bye

caspar
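
The check from the report above, automated as an added example that is not part of the original message: it starts a binary with LD_PRELOAD set to a constructed, nonexistent library name and reports whether the loader's "cannot open shared object file" error names that library. The function names and the probe name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original report.
# PROBE_NAME is a constructed library name assumed not to exist on the system.
PROBE_NAME="preload-probe-$$"

# classify_output NAME
# Reads captured program output on stdin. Prints "evaluated" if the dynamic
# loader complained that it could not open NAME (the message shown in the
# report), otherwise prints "ignored".
classify_output() {
    if grep -q -e "${1}.*cannot open shared"; then
        echo "evaluated"
    else
        echo "ignored"
    fi
}

# check_binary PATH
# Starts PATH with LD_PRELOAD pointing at the probe name and stdin closed off,
# then classifies what it printed. The binary really is started, so only pass
# programs that are safe to launch non-interactively.
check_binary() {
    out=$(env LD_PRELOAD="$PROBE_NAME" "$1" </dev/null 2>&1) || true
    verdict=$(printf '%s\n' "$out" | classify_output "$PROBE_NAME")
    printf '%-10s %s\n' "$verdict" "$1"
}

# Check each binary named on the command line, for example: ./check.sh /bin/su
if [ "$#" -gt 0 ]; then
    for bin in "$@"; do
        if [ -u "$bin" ]; then
            check_binary "$bin"
        else
            printf '%-10s %s\n' "not-suid" "$bin"
        fi
    done
fi
```

A binary reported as "evaluated" shows the behaviour described under "Behaviour" in the report; "ignored" corresponds to the "Should be" case.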
