Environment Poisoning and login -p
Tim Kientzle
tim at kientzle.com
Thu Feb 26 15:04:03 PST 2004
Andrey Chernov wrote:
> On Wed, Feb 25, 2004 at 10:54:31AM -0800, Tim Kientzle wrote:
>
>>Possible fix: Have login unconditionally discard LD_LIBRARY_PATH
>>and LD_PRELOAD from the environment, even if "-p" is specified.
>
> Yes! It is what I say from very beginning. It is so obvious that I wonder
> why others not see it first.
It is obvious, it's just not very safe. In general,
blacklist approaches are pretty poor; it's
hard to make sure you've caught everything
and future changes to other parts of the system
can easily open new problems.
Instead, I've decided to follow Jacques Vidrine's
suggestion of using a whitelist of environment variables
that are "known-safe."
Tim Kientzle
More information about the freebsd-security
mailing list