On Tue, Oct 05, 2010 at 04:03:47PM +0200, Dejan Muhamedagic wrote:
> > So it is run periodically by root (well, the lrmd, as root).
> > Even though the cwd of lrmd should be ok, permission wise, in case the
> > script does cd into somewhere (I don't think it does, now) where someone
> > with lesser privilege was able to place some evil *.so, the next command
> > executed by the script may do interesting things.
>
> I really doubt that, though it looks dangerous, there is a way to
> exploit this without root access.
You never know.
The script itself may not, but it starts something else,
which may cd somewhere else, then fork/exec.

> > Simply doing
> > #remove it, if present.
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH#"$DIR_EXECUTABLE"}
> > #remove possible remaining leading :
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH#:}
> > #prepend it
> > LD_LIBRARY_PATH=$DIR_EXECUTABLE:$LD_LIBRARY_PATH
> > #remove possible trailing :
> > LD_LIBRARY_PATH=${LD_LIBRARY_PATH%:}
>
> Hmm, this smells like bashisms, are they?

No, I don't think so.
But they are not strictly correct,
if $D is only a prefix of the first component of $L...

Let's see, how about this
(using dash as my "reference most stupid shell readily available"):

#!/bin/dash
prepend_unless_member()
{
	local l d
	l=$1 d=$2;
	case $l in
	"$d"|"$d":*|*:"$d"|*:"$d":*)
		# already member
		;;
	"")
		# empty, don't add a separator
		l=$d;;
	*)
		# prepend
		l=$d:$l;;
	esac;
	echo "prepend '$d' to '$1' unless member results in $l";
}

dir=TRY
for l in "" $dir $dir:bla:foo bla:$dir:foo bla:foo:$dir bla bla:foo; do
	prepend_unless_member "$l" "$dir"
done

results in:

prepend 'TRY' to '' unless member results in TRY
prepend 'TRY' to 'TRY' unless member results in TRY
prepend 'TRY' to 'TRY:bla:foo' unless member results in TRY:bla:foo
prepend 'TRY' to 'bla:TRY:foo' unless member results in bla:TRY:foo
prepend 'TRY' to 'bla:foo:TRY' unless member results in bla:foo:TRY
prepend 'TRY' to 'bla' unless member results in TRY:bla
prepend 'TRY' to 'bla:foo' unless member results in TRY:bla:foo

looks good to me.

If it is required that $d has to become the first component,
not be directly duplicated, but possibly repeated in a later component, then

-	"$d"|"$d":*|*:"$d"|*:"$d":*)
+	"$d"|"$d":*)

-- 
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
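The quoted prefix-stripping snippet and the case-based membership test from the message above, side by side, as an added example that is not part of the thread. The paths /opt/lib and /opt/lib64 are constructed to show the "only a prefix of the first component" failure; the function names are mine.

```sh
#!/bin/sh
# Constructed example (not from the thread): three ways of putting $2 at the
# front of a colon-separated path $1, each printing the result on stdout.

# The quoted approach: strips $2 as a *string* prefix of $1, then prepends.
# Fails when $2 is merely a prefix of the first component.
prepend_by_strip() {
    l=$1 d=$2
    l=${l#"$d"}   # string prefix, not a path component
    l=${l#:}
    l=$d:$l
    l=${l%:}
    printf '%s\n' "$l"
}

# Case-based version: $2 counts as present only as a whole component.
prepend_unless_member() {
    l=$1 d=$2
    case $l in
    "$d"|"$d":*|*:"$d"|*:"$d":*) ;;   # already a member: unchanged
    "") l=$d ;;                       # empty: no separator
    *)  l=$d:$l ;;                    # prepend
    esac
    printf '%s\n' "$l"
}

# Variant from the end of the message: $2 must be the *first* component;
# a later occurrence is left in place and $2 is prepended anyway.
prepend_unless_first() {
    l=$1 d=$2
    case $l in
    "$d"|"$d":*) ;;
    "") l=$d ;;
    *)  l=$d:$l ;;
    esac
    printf '%s\n' "$l"
}

# Demonstration: note how the strip variant mangles /opt/lib64 into "64".
for p in "/opt/lib64:/usr/lib" "/usr/lib:/opt/lib" ""; do
    printf 'strip : %-22s -> %s\n' "'$p'" "$(prepend_by_strip "$p" /opt/lib)"
    printf 'member: %-22s -> %s\n' "'$p'" "$(prepend_unless_member "$p" /opt/lib)"
    printf 'first : %-22s -> %s\n' "'$p'" "$(prepend_unless_first "$p" /opt/lib)"
done
```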
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/