[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Xterm library failure...

On Mon, Apr 30, 2001 at 06:57:07PM +0200, Robert Bihlmeyer a ecrit: 
> 
> LD_LIBRARY_PATH *must* be ignored by suid programs. Otherwise, you
> could just compile a doctored /tmp/libc.so.X.Y which installs a root
> shell when open() is called and do "LD_LIBRARY_PATH=/tmp xterm" ...

Doh! Of course.

> That all these issues with non-root are unfixed for so long is
> probably due to most Hurd users just-use-root attitude. Not that this
> is less dirty than on other Unixoids.

Yeah, I can live with it. The last thing I am worried about is local
exploits on the box. :-) 

neil

-- 

------------------------------------------------------------------
Neil Levine				http://www.yoyo.org
------------------------------------------------------------------
Reply to: