
Re: LD_PRELOAD used with setuid programs (was Re: Fakeroot security problem)



>>>>> 44 1383 821921 writes:

 > I enquired about LD_PRELOAD on the misc@openbsd.org list (for those who don't
 > know, OpenBSD is a variant of BSD which specialises in security and
 > multi-platform support). I obtained the following response.

 > David Scott

 > -----------------------------------------------------------------------------

 > On Wed, Feb 11, 1998 at 12:10:03PM +0000, David Scott +44 1383 821921 wrote:
>> I have been half following a discussion on debian-sparc list concerning whether
>> or not normal users should be allowed to influence which libraries a setuid
>> program is loaded with. The question arose as to whether allowing LD_PRELOAD to
>> work on setuid binaries is a standard 'Unix' practice. Does anybody feel like
>> answering this question for the case of OpenBSD? I am willing to forward the
>> reply.

 > Definitely NOT standard... or else, use the following code fragment:

 > int getuid()
 > 	{
 > 	return whatever;
 > 	}

 > int geteuid()
 > 	{
 > 	return whatever;
 > 	}


 > makes it rather easy to impersonate someone, doesn't it ?

 > If you allow LD_PRELOAD, you effectively make it impossible to use ANY library
 > call from a setuid program, while suid'ed.
 > -- 
 > 	Marc Espie

His answer is based on wrong assumptions; we're discussing a wee bit
different implementation.

If you allow LD_PRELOAD with any library, you've got this problem. But 
with glibc LD_PRELOAD only works on suid libraries if 
- the library is in a "trusted" dir (/lib or /usr/lib)
- and you didn't supply the path
For example LD_PRELOAD=./my-libc wouldn't work but LD_PRELOAD=libq.so
where libq.so is in /usr/lib does work.

Andreas
-- 
 Andreas Jaeger   aj@arthur.rhein-neckar.de    jaeger@informatik.uni-kl.de
  for pgp-key finger ajaeger@alma.student.uni-kl.de
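
The two conditions stated in the message above, modelled as a small filter. This is an added example, not part of the original post and not glibc's own code; the function names and the table of files assumed to exist in the trusted directories are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: files assumed to exist in the trusted directories. */
static const char *trusted_files[] = { "/lib/libc.so.6", "/usr/lib/libq.so", NULL };
static const char *trusted_dirs[]  = { "/lib", "/usr/lib", NULL };

/* Return 1 if one preload entry would be honoured for a setuid program
 * under the two rules in the message, 0 if it would be ignored. */
int entry_allowed(const char *name)
{
    char path[512];
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;                       /* rule 2: caller supplied a path */
    for (int d = 0; trusted_dirs[d]; d++) {
        snprintf(path, sizeof path, "%s/%s", trusted_dirs[d], name);
        for (int f = 0; trusted_files[f]; f++)
            if (strcmp(path, trusted_files[f]) == 0)
                return 1;               /* rule 1: found in a trusted dir */
    }
    return 0;                           /* bare name, but not in a trusted dir */
}

/* Walk an LD_PRELOAD value (entries separated by spaces or colons) and
 * count the entries that survive the filter. */
int count_allowed(const char *ld_preload)
{
    char buf[1024];
    int n = 0;
    if (strlen(ld_preload) >= sizeof buf)
        return 0;                       /* oversized value: honour nothing */
    strcpy(buf, ld_preload);
    for (char *tok = strtok(buf, " :"); tok; tok = strtok(NULL, " :"))
        n += entry_allowed(tok);
    return n;
}

int main(void)
{
    /* Constructed sample entries, including the two from the message. */
    const char *samples[] = { "./my-libc", "libq.so", "/usr/lib/libq.so",
                              "../usr/lib/libq.so", "libother.so", NULL };
    for (int i = 0; samples[i]; i++)
        printf("%-22s %s\n", samples[i],
               entry_allowed(samples[i]) ? "honoured" : "ignored");
    return 0;
}
```

Note that an entry naming a trusted directory explicitly (`/usr/lib/libq.so`) is still rejected, because the rule as stated refuses any entry for which a path was supplied.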

