Bug#410036: libc6: resolver: $LOCALDOMAIN does not work as non-root user
Raoul Borenius a écrit :
> Thanx for the quick reply!
>
> On Wed, Feb 07, 2007 at 12:01:22PM +0100, Aurelien Jarno wrote:
>> For security reasons this environment variable (among others) is not
>> used for setuid programs. /bin/ping is setuid.
>
> Sorry for not thinking about that. You're right...
>
> Probably it would be a good idea to put that into the man page of
> resolver(3)?
If you think it is a good idea, please report a bug against the manpages
package. It's the one which provides this man page.
> BTW: is there a list of variables which are passed on to setuid programs
> somwhere? I looked into setuid(3posix) but did not find anything.
>
There is no list of variables that are passed, but a list of variable
that are not passed. This list is defined in the source code in
sysdeps/generic/unsecvars.h . See the attached file.
Bye,
Aurelien
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
/* Environment variable to be removed for SUID programs. The names are
all stuffed in a single string which means they have to be terminated
with a '\0' explicitly. */
#define UNSECURE_ENVVARS \
"LD_PRELOAD\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_DEBUG\0" \
"LD_DEBUG_OUTPUT\0" \
"LD_PROFILE\0" \
"LD_USE_LOAD_BIAS\0" \
"LD_DYNAMIC_WEAK\0" \
"LD_SHOW_AUXV\0" \
"GCONV_PATH\0" \
"GETCONF_DIR\0" \
"HOSTALIASES\0" \
"LOCALDOMAIN\0" \
"LOCPATH\0" \
"MALLOC_TRACE\0" \
"NLSPATH\0" \
"RESOLV_HOST_CONF\0" \
"RES_OPTIONS\0" \
"TMPDIR\0" \
"TZDIR\0"
Reply to: