Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: LD_ hole (was Re: IFS hole?)
From: howie () ivory cc columbia edu (Howie Kaye)
Date: Wed, 15 Dec 93 19:17:26 EST


This depends on the real uid being different from the effective uid.  If
your program does something like "setuid(geteuid())", then you lose this
protection.  If you then run another program, it will be running as root,
and won't look like a suid'ed program, just something running as root.  It
will then look at the LD_LIBRARY_PATH.

 -----------------------------Howie Kaye                                howie () columbia edu
Columbia University                     hlkcu () cuvma bitnet
AcIS UNIX Systems Group                 ...!rutgers!columbia!howie



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]