
Re: Reports & Questions



Oystein Viggen <oysteivi@tihlde.org> writes:

> Niels Möller wrote: 
> 
> > Execution of setuid or setgid binaries ignores LD_LIBRARY_PATH (and a
> > bunch of other environment variables). Honoring the value of LD_LIBRARY_PATH
> > would open huge security holes.
> 
> Isn't it these kinds of things we should have /etc/ld.so.conf for?
> (Now why don't we have that one, anyway?)

Don't know, but perhaps because shadowfs, whenever that is
implemented, is expected to put all relevant libraries in /lib (but
I'm not entirely sure how that will work, can different users have a
different view of /lib? Without setting up their own /, of course).

But for this particular case, xterm, if there's any reason for it to
be setuid or setgid, that's most likely a bug. I'm not sure why xterm
was ever setuid/setgid, but I guess it's because of the pty-operations
it needs to do, but I'm pretty sure glibc implements a reasonable set
of pty-related functions so that applications don't need special
privileges to use pty:s securely.

Sorry for my ignorance, I suspect xterm has been discussed many times
before, on the debian lists and other places. So if there are other
reasons for it being setuid/setgid, please enlighten me.

/Niels
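
The rule quoted at the top of this message (setuid/setgid execution ignores LD_LIBRARY_PATH and similar variables), as an added example that is not part of the original message and is not glibc's own code. It assumes a POSIX system; the function names, the sample environment and the "reject every LD_* variable" rule are simplifications made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample environment (not taken from the thread). */
static const char *const sample_env[] = {
    "LD_LIBRARY_PATH=/tmp/untrusted-libs",
    "HOME=/home/demo",
    "LD_PRELOAD=/tmp/untrusted-libs/hook.so",
    "TERM=xterm",
    NULL
};

/* Nonzero when real and effective IDs differ, which is what a process
 * started from a setuid or setgid binary looks like. */
int started_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* May this "NAME=value" entry steer library loading? Simplifying
 * assumption: in privileged mode every LD_* variable is rejected. */
int entry_allowed(const char *entry, int privileged)
{
    return !privileged || strncmp(entry, "LD_", 3) != 0;
}

/* Copy the allowed entries of env into out (same capacity, NULL
 * terminated) and return how many were kept. */
size_t filter_env(const char *const env[], const char *out[], int privileged)
{
    size_t kept = 0;
    for (size_t i = 0; env[i] != NULL; i++)
        if (entry_allowed(env[i], privileged))
            out[kept++] = env[i];
    out[kept] = NULL;
    return kept;
}

int main(void)
{
    const char *out[sizeof sample_env / sizeof sample_env[0]];
    int priv = started_privileged();
    size_t n = filter_env(sample_env, out, priv);
    printf("privileged=%d, kept %zu entries\n", priv, n);
    for (size_t i = 0; i < n; i++)
        puts(out[i]);
    return 0;
}
```

Run as an ordinary user, all four entries are kept; with the privileged flag set, only HOME and TERM survive, so a caller-chosen library directory never reaches the lookup.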


