This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hello, I've noticed that $ORIGIN is expanded in RPATH entries for SGID/SUID binaries, on the condition that it is alone (_dl_dst_count, elf/dl-load.c). From http://tinyurl.com/yj7lpr "For security, the dynamic linker does not allow use of $ORIGIN substitution sequences for set-user and set-group ID programs.". Is there any reason why $ORIGIN is permitted on it's own? Of course, this would be a very bad idea as creating a link to a suid program would allow a user to manipulate the value of $ORIGIN. I was planning on submitting a patch that disables this expansion in secure mode, but noticed that Ulrich had already looked at this code in 1999 and made this exception. Thanks, Tavis. -- ------------------------------------- taviso@sdf.lonestar.org | finger me for my pgp key. -------------------------------------------------------
Attachment:
pgp00000.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |