cvs commit: src/sbin/nologin Makefile nologin.c
Dag-ErlingSmørgrav
des at des.no
Mon Feb 23 00:53:28 PST 2004
Garance A Drosihn <drosih at rpi.edu> writes:
> My memory fails me. Wasn't there some specific reason that nologin
> is statically-linked? At this point, most programs in /sbin are not
> statically-linked.
monkey business like
LD_LIBRARY_PATH=$HOME/evil/lib su foo
since nologin isn't suid / sgid, LD_LIBRARY_PATH will be obeyed, which
can have interesting results if for instance $HOME/evil/lib contains a
libc.so with a "customized" fprintf().
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the cvs-all
mailing list