misc/41179: [request] LD_LIBRARY_PATH security checks

arundel at FreeBSD.org arundel at FreeBSD.org
Wed Nov 24 02:04:35 UTC 2010


Synopsis: [request] LD_LIBRARY_PATH security checks

State-Changed-From-To: suspended->closed
State-Changed-By: arundel
State-Changed-When: Wed Nov 24 01:47:22 UTC 2010
State-Changed-Why: 
The situation described in this PR *only* applies to the root user. The purpose
of running any commands as uid=0 is to have no security checks in place.
If a regular user uses su(1) to gain root privileges he should be aware that all
his environmental settings (unless su(1) was invoked with the -l switch) will
*not* be discarded.
The idea of adding security checks to LD_LIBRARY_PATH similar to those in
ldconfig(8) was definitely a good idea, but since it never caught on I'll
close this. Also even OpenBSD - famous for its security awareness - doesn't
seem to have incorporated this or a similar concept.

http://www.freebsd.org/cgi/query-pr.cgi?pr=41179
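
The ldconfig(8) checks mentioned in the closing note skip directories that are not owned by root or that are group- or world-writable. As an added example (not part of the PR and not FreeBSD code), the script below applies the same test to each LD_LIBRARY_PATH entry, which is useful before an environment is carried into a root shell by su(1) without -l. The function names and the optional trusted-uid argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: ldconfig(8)-style checks applied to LD_LIBRARY_PATH entries.
# Function names and the TRUSTED_UID argument are hypothetical.

# check_libdir DIR [TRUSTED_UID]  -> returns 0 if acceptable, 1 if unsafe
check_libdir() {
    cl_dir=$1 cl_uid=${2:-0}
    case $cl_dir in
        /*) ;;
        # Relative (or empty) entries depend on the caller's working directory.
        *) echo "UNSAFE not an absolute path: '$cl_dir'"; return 1 ;;
    esac
    [ -d "$cl_dir" ] || { echo "SKIP   not a directory: $cl_dir"; return 0; }
    # "$cl_dir/." follows a symlink; ls -ldn prints mode string and numeric uid.
    cl_info=$(ls -ldn "$cl_dir/." | awk '{print $1, $3}')
    cl_mode=${cl_info% *} cl_owner=${cl_info#* }
    if [ "$cl_owner" != "$cl_uid" ]; then
        echo "UNSAFE owned by uid $cl_owner, expected $cl_uid: $cl_dir"; return 1
    fi
    case $cl_mode in
        # Character 6 of the mode string is group write, character 9 is other write.
        ?????w*)    echo "UNSAFE group-writable: $cl_dir"; return 1 ;;
        ????????w*) echo "UNSAFE world-writable: $cl_dir"; return 1 ;;
    esac
    echo "OK     $cl_dir"
}

# audit_ld_library_path [PATH_LIST] [TRUSTED_UID]
# Returns 1 if any entry fails; defaults to $LD_LIBRARY_PATH and uid 0.
audit_ld_library_path() {
    al_path=${1-$LD_LIBRARY_PATH} al_uid=${2:-0} al_rc=0
    [ -n "$al_path" ] || return 0
    # Walk the list by hand so empty entries ("a::b", trailing ":") are seen too.
    al_rest=$al_path:
    while [ -n "$al_rest" ]; do
        al_dir=${al_rest%%:*}
        al_rest=${al_rest#*:}
        check_libdir "$al_dir" "$al_uid" || al_rc=1
    done
    return $al_rc
}
```

After sourcing the file, run `audit_ld_library_path` with no arguments to check the current environment against uid 0; a non-zero return means at least one entry would fail an ldconfig(8)-style check.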

