> 44 1383 821921 writes:
> I enquired about LD_PRELOAD on the misc@openbsd.org list (for those who don't
> know, OpenBSD is a variant of BSD which specialises in security and
> multi-platform support). I obtained the following response.
> David Scott
> --
I enquired about LD_PRELOAD on the misc@openbsd.org list (for those who don't
know, OpenBSD is a variant of BSD which specialises in security and
multi-platform support). I obtained the following response.
David Scott
-
I am not our Fearless Leader, but hopefully my opinions (and my arguments)
still have some weight, at least regarding security issues.
Basically, I think that normal users shouldn't be allowed to influence
which libraries a setuid program is loaded with. I don't really care if
LD_PRELOAD is comple
Juan Cespedes <[EMAIL PROTECTED]> writes:
> I didn't want that address to receive mails addressed to
> [EMAIL PROTECTED]'.
Neither do I, but the maintainer of @packages.debian.org disagrees.
(BTW, he claimed "the sparc folks" did).
> I'll change the Maintainer: field in the next upload (in one o
On Mon, Feb 09, 1998 at 10:36:26PM +, James Troup wrote:
> James Troup <[EMAIL PROTECTED]> writes:
>
> [ lots of stuff that was intended for debian-private and not
> debian-sparc ]
>
> Excuse me, but which genius decided to use a *public* mailing list as
> a Maintainer: address?
So
On Mon, 9 Feb 1998, Christoph Lameter wrote:
> Nobody should be able to run LD_PRELOAD with suid binaries. The issue with
> nfslock can be solved differently as Joost has said. And being able to set
> LD_PRELOAD on one machine and then rsh to exec a command on another
> (and the other machine obey
Nobody should be able to run LD_PRELOAD with suid binaries. The issue with
nfslock can be solved differently as Joost has said. And being able to set
LD_PRELOAD on one machine and then rsh to exec a command on another
(and the other machine obeys the LD_PRELOAD!) seems to be another reason
to disab
On Mon, Feb 09, 1998 at 09:30:15PM +, James Troup wrote:
> Juan Cespedes <[EMAIL PROTECTED]> writes:
>
> > Yes, both ld-linux.so.2 and ld-linux.so.1 should be fixed; nobody
> > should be able to run a setuid program in a LD_PRELOAD environment.
> > At least, I can't find any reason to allow it
In an attempt to save the world from disaster, James Troup wrote:
> Juan Cespedes <[EMAIL PROTECTED]> writes:
>
> > Yes, both ld-linux.so.2 and ld-linux.so.1 should be fixed; nobody
> > should be able to run a setuid program in a LD_PRELOAD environment.
> > At least, I can't find any reason to all
James Troup <[EMAIL PROTECTED]> writes:
[ lots of stuff that was intended for debian-private and not
debian-sparc ]
Excuse me, but which genius decided to use a *public* mailing list as
a Maintainer: address? Please don't do that it a) violates policy[1],
and b) is plain silly, IMNSHO, if some
Juan Cespedes <[EMAIL PROTECTED]> writes:
> Yes, both ld-linux.so.2 and ld-linux.so.1 should be fixed; nobody
> should be able to run a setuid program in a LD_PRELOAD environment.
> At least, I can't find any reason to allow it, and many people could
> use it to try to find exploits.
But there _a
On Wed, Jan 28, 1998 at 11:52:45PM +, Mark Baker wrote:
> On Wed, Jan 28, 1998 at 11:46:46PM -, [EMAIL PROTECTED] wrote:
> > Fakeroot is not the only library in a privileged directory that should
> > not be run with a setuid executable by an unprivileged user.
> > Although I don't know of a
12 matches
Mail list logo
