mailing list archives
Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
From: Casper.Dik () Sun COM
Date: Thu, 23 Nov 2006 10:23:59 +0100
A class of security vulnerabilities has resurfaced in the dynamic loaders
of FreeBSD, OpenBSD, and NetBSD in the sanitization of environment
variables for suid and sgid binaries.
In Solaris we have long felt that the dynamic linker should not touch the
environment; instead, the onus is on applications running setuid(0) and
starting subprocesses to strip the appropriate environment variable
(or better, set the environment to a sensible default)
Various bugs of this sort have been fixed in Solaris over the years, in
the set-uid programs. It is just one of the things set-uid program writes
need to be aware of.
As a number of set-uid applications start programs as the user later on,
stripping such environment variables often has undesirably side-effects.