On Thu, 17 Jul 2003 11:59:11 +0100, Nick Cleaton <[EMAIL PROTECTED]> wrote: > On Thu, Jul 17, 2003 at 11:18:46AM +0100, Lusercop wrote: >> On Thu, Jul 17, 2003 at 09:47:39AM +0000, Dominic Mitchell wrote: >> > If the executable is +s, LD_PRELOAD et al will be ignored. >> >> Indeed, but will it be stripped or passed to the thing that is exec-ed >> (that thing is unlikely to be +s)? > > It isn't stripped on FreeBSD 4.8, where this works:
Hmmm, no it's ignored, not stripped. According to rtld(1), anyway. I would imagine that it'd be ignored in the case where geteuid() != getuid(), but I have no idea what state child processes would be in, in that case. I think it's safe to assume that you need to completely sanitize your environment in the setuid wrapper. -Dom -- | Semantico: creators of major online resources | | URL: http://www.semantico.com/ | | Tel: +44 (1273) 722222 | | Address: 33 Bond St., Brighton, Sussex, BN1 1RD, UK. |
