Bug#272210: libc6: LD_DEBUG should be ignored for suid/sgid binaries
At Sat, 18 Sep 2004 13:20:08 +0200,
Ulf Härnhammar wrote:
> I read this article in LWN about how LD_DEBUG should be ignored for
> suid/sgid binaries to avoid helping people to exploit race conditions:
>
> http://lwn.net/Articles/99137/
>
> Sarge exhibits this problem, as you can see here:
>
> metaur@metaur:~$ ls -al /usr/bin/passwd
> -rwsr-xr-x 1 root root 26616 2004-09-08 07:13 /usr/bin/passwd
> metaur@metaur:~$ LD_DEBUG=all /usr/bin/passwd
> 6705:
> 6705: file=libcrypt.so.1; needed by /usr/bin/passwd
> 6705: find library=libcrypt.so.1; searching
> 6705: search cache=/etc/ld.so.cache
> 6705: trying file=/lib/libcrypt.so.1
> 6705:
> 6705: file=libcrypt.so.1; generating link map
> 6705: dynamic: 0x40026304 base: 0x40021000 size: 0x0002c55c
> [...lots of output...]
Isn't "cat /proc/<pid>/maps" security critical?
> Please consider patching this.
Where?
Regards,
-- gotom
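
The behaviour the report asks for, sketched as an added example (not part of the original thread and not glibc's code): detect a privilege-raising exec through the kernel's `AT_SECURE` auxiliary-vector flag and drop debug variables from the environment before they are acted on. The names `is_secure_exec`, `scrub_env` and the variable list are assumptions made for this illustration.

```c
#include <elf.h>        /* AT_SECURE */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval() */

/* Variables dropped in secure mode. Constructed list for this example;
   only LD_DEBUG is named in the bug report. */
static const char *const unsafe_vars[] = { "LD_DEBUG", "LD_DEBUG_OUTPUT" };

/* Nonzero when the kernel marked this exec as setuid/setgid (or similar). */
int is_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* True if entry is "NAME=..." for a listed name (exact match on NAME). */
static int is_unsafe(const char *entry)
{
    for (size_t i = 0; i < sizeof unsafe_vars / sizeof unsafe_vars[0]; i++) {
        size_t n = strlen(unsafe_vars[i]);
        if (strncmp(entry, unsafe_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping unsafe entries when secure is nonzero.
   Returns the number of entries removed. */
int scrub_env(char **envp, int secure)
{
    int removed = 0;
    char **out = envp;
    if (!secure) return 0;
    for (char **in = envp; *in != NULL; in++) {
        if (is_unsafe(*in))
            removed++;
        else
            *out++ = *in;   /* keep entry, closing any gap left behind */
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment; LD_DEBUGGER must survive the scrub. */
    char *env[] = { "PATH=/usr/bin", "LD_DEBUG=all", "LD_DEBUGGER=x", NULL };
    printf("AT_SECURE=%d removed=%d\n", is_secure_exec(), scrub_env(env, 1));
    return 0;
}
```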