Xref: utzoo alt.security:1511 comp.unix.internals:208
Path: utzoo!utgpu!cs.utexas.edu!uunet!zephyr.ens.tek.com!uw-beaver!ubc-cs!alberta!atha!aupair.cs.athabascau.ca!lyndon
From: lyndon@cs.athabascau.ca (Lyndon Nerenberg)
Newsgroups: alt.security,comp.unix.internals
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <261@aupair.cs.athabascau.ca>
Date: 11 Sep 90 17:43:08 GMT
References: <1990Aug27.115140.27772@veritas.uucp> <1990Aug27.171211.16272@maverick.ksu.ksu.edu> <1990Aug29.033933.10062@santra.uucp> <3991@auspex.auspex.com> <1990Sep2.093254.11284@santra.uucp>
Organization: Athabasca University
Lines: 28

jkp@cs.HUT.FI (Jyrki Kuoppala) writes:

>So, anyone see somthing wrong with the solution: We write a kludged
>setuid() to unsetenv LD_LIBRARY_PATH and distribute it with
>instructions of how to install it in your machine's shared library.
>We also find out which staticcally-linked programs have the problem
>and instruct users to recompile them and distribute fixed binaries for
>binary-only users.

Yes. A kludge is a kludge, and should be avoided at all costs. What we
really need is an option to ldconfig that allows the system administrator
to specify path components in LD_LIBRARY_PATH that will be honoured by
setuid programs. Or perhaps the option should just hardwire a value
for LD_LIBRARY_PATH that's used by setuid programs. The latter isn't quite
as nice a solution, though (IMHO).

Something like:

  ldconfig [ directory ... ] [ [ -T directory ] ... ]

where the -T flag is used to specify directories that are "trusted" in the
sense that they would be searched by ld when running a setuid program.

-- 
    Lyndon Nerenberg  VE6BBM / Computing Services / Athabasca University
        {alberta,cbmvax,mips}!atha!lyndon || lyndon@cs.athabascau.ca

      The only thing open about OSF is their mouth.  --Chuck Musciano