:On Mon, Jul 26, 1999, Nate Williams wrote:
:> > > LD_LIBRARY_PATH, LD_PRELOAD and LD_DEBUG are ignored for setuid
executables
:> > > in FreeBSD.
:> >
:> > But the point being made is that they are not ignored for executables
:> > which have no read access. And from there, read access can be gained,
:> > because at that point, you have code running in the process's address
:> > space.
:>
:> That's right. In other words, there really is no way of protecting
:> executable files from being read if someone is motivated enough.
:>
:> And, in an open-source OS like FreeBSD, it's not a viable solution in
:> any case....
:
: The only option, as I've mentined previously in this thread,
:that I can think of, would be to have an option when building
:various linker code to disable searching in $LD_LIBRARY_PATH if
:the library being looked for is in the standard library paths.
:
:--
:|Chris Costello <ch...@calldei.com>
LD_LIBRARY_PATH was a huge security hole when it was first introduced
and you know what? It STILL IS!
We are opening up a can of worms here. It's one of those things where
we either have to make the decision to try to protect the binary that
the owner decided to make execute-only, or to give up.
* LD_LIBRARY_PATH?
* core dumps for execute-only binaries?
* ktrace for execute-only binaries?
If I were to put my foot down I would say off with their heads! i.e.
disallow all three if the non-root-run binary is execute-only.
-Matt
Matthew Dillon
<dil...@backplane.com>
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
