mailing list archives
Re: ld.so bug - LD_DEBUG_OUTPUT follows symlinks
From: "Dwayne C . Litzenberger" <dlitz () CHEERFUL COM>
Date: Tue, 26 Sep 2000 17:52:14 -0600
On Tue, Sep 26, 2000 at 02:11:12AM +0200, Jakub Vlasek wrote:
ld.so from glibc2 doesn't unset variables LD_DEBUG_OUTPUT and LD_DEBUG
when running suid. If program calls setuid(0) and then fork(), child
process will follow prepared symlink ($LD_DEBUG_OUTPUT.$pid) and
overwrites any file in system.
I could not reproduce this.
When I run the suid program, LD_DEBUG still works (odd, but true), but
LD_DEBUG_OUTPUT seems to be ignored (output goes to the terminal). What
version of glibc2 were you using? (I am using Debian libc6 (a.k.a. glibc2)
Dwayne C. Litzenberger - dlitz () cheerful com
- Please always Cc to me when replying to me on the lists.
- See the mail headers for GPG/advertising/homepage information.