Actually, AA already has a way to specify that LD_PRELOAD (and a number of other env variables like that) should be cleared on exec.

It's definitely non-intuitive, but that's the distinction between Px and px (and Ux and ux) in the profile language. When a Px rule is used to grant execute permission, the bprm_secureexec LSM hook is used to signal to glibc that a "secure" exec is required. glibc then strips LD_PRELOAD and does some other similar sanitization of the environment while launching the new process. I don't remember the full list of things that are done when a secure exec is requested.

Personally, I think Px (or a clearer syntax version) should be the default, but a number of wrapper scripts rely on setting LD_PRELOAD or LD_LIBRARY_PATH and it's tricky to tell why things are failing in that case. I don't know if Ix is a valid "cleaned" variation of the ix permission, but I'm not sure how much benefit that would bring anyway.

--
Should provide a flag to disable ptrace()/LD_PRELOAD
https://bugs.launchpad.net/bugs/176301

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
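A small probe for checking the behaviour described above, added here as an example and not part of the bug thread or of AppArmor itself. The kernel hands the result of the secure-exec decision to userspace as the AT_SECURE entry of the auxiliary vector, and glibc's loader consults that flag when deciding whether to discard LD_PRELOAD, LD_LIBRARY_PATH and similar variables. The program reports both the flag and whether LD_PRELOAD survived, so a profile author can exec it from a confined program once under a `px` rule and once under a `Px` rule (the install path `/usr/local/bin/secexec-probe` used in the comments is a placeholder) and see the difference directly. Run as an ordinary, unconfined, non-setuid binary it reports AT_SECURE=0, which is what the test below asserts.

```c
/* Added example, not from the bug thread: report whether this process was
 * started by a "secure" exec (setuid/setgid, or an AppArmor Px/Ux transition)
 * and whether LD_PRELOAD made it into our environment.
 *
 * Suggested use (paths are hypothetical):
 *   1. install as /usr/local/bin/secexec-probe
 *   2. in the calling program's profile, grant
 *        /usr/local/bin/secexec-probe px,      -- environment passed through
 *      or
 *        /usr/local/bin/secexec-probe Px,      -- secure exec, glibc sanitises env
 *   3. run the confined program with LD_PRELOAD set and compare the output.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */

/* 1 if the kernel flagged this exec as secure (AT_SECURE != 0), else 0. */
int started_secure(void) {
    return getauxval(AT_SECURE) != 0;
}

/* 1 if LD_PRELOAD is still present in the environment, else 0.
 * In secure mode glibc removes it before main() runs, so a secure exec
 * with LD_PRELOAD still visible indicates something other than glibc's
 * own sanitisation is in play. */
int ld_preload_present(void) {
    return getenv("LD_PRELOAD") != NULL;
}

/* Human-readable classification of the two observations. */
const char *describe(int secure, int preload) {
    if (secure && preload)  return "secure exec, but LD_PRELOAD still set";
    if (secure)             return "secure exec: loader discarded LD_PRELOAD";
    if (preload)            return "ordinary exec: LD_PRELOAD passed through";
    return "ordinary exec, no LD_PRELOAD in environment";
}

int main(void) {
    int secure  = started_secure();
    int preload = ld_preload_present();
    const char *val = getenv("LD_PRELOAD");

    printf("AT_SECURE=%d LD_PRELOAD=%s\n", secure, val ? val : "(unset)");
    puts(describe(secure, preload));
    return 0;
}
```

Because the sanitisation happens inside ld.so before any application code runs, the probe cannot tell you which other variables were dropped; it only confirms the secure-exec flag and the LD_PRELOAD outcome, which is usually enough to explain why a wrapper script that depends on LD_PRELOAD or LD_LIBRARY_PATH stops working after a rule is changed from px to Px.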