|Dan Crosta on 1 May 2006 21:40:16 -0000|
sean finney wrote:
I mean, yes and no -- ld.so already only allows LD_PRELOAD for setuid programs if:
* the lib is in /lib or /usr/lib
* the lib is root:root
* the lib has setuid and setgid on
... so by further restricting this, the devs of ld.so are basically saying "we further don't trust you to administer your system by keeping track of what setuid/setgid shared objects are in /lib and /usr/lib" and, moreover, this is *barely* documented in ld.so(1), and in fact wrongly so (it doesn't say you need the lib to be setuid, which you, in fact, do).
I'd be OK with all this behavior if it was just properly documented... but also I'm probably a little ticked at it all right now since I've been fighting with this for the past 4 days trying to finish my senior project here.
apologies if i come off a little hot here :)
dsc
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
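
The message above talks about keeping track of which setuid/setgid shared objects sit in /lib and /usr/lib. The following is an added audit example, not code from the post or from ld.so: it checks each such file against the three conditions exactly as the message lists them. The function names `failed_conditions` and `audit` are hypothetical, and the conditions are taken from the message rather than from the ld.so source.

```python
import os
import stat

TRUSTED_DIRS = ("/lib", "/usr/lib")  # the two directories named in the message

def failed_conditions(path, st_mode, st_uid, st_gid, trusted_dirs=TRUSTED_DIRS):
    """Return which of the conditions listed in the message a library fails."""
    failed = []
    # normpath collapses "..", so /lib/../tmp/x.so is not treated as trusted
    if os.path.dirname(os.path.normpath(path)) not in trusted_dirs:
        failed.append("not directly in a trusted directory")
    if (st_uid, st_gid) != (0, 0):
        failed.append("not owned by root:root")
    if not st_mode & stat.S_ISUID:
        failed.append("setuid bit not set")
    if not st_mode & stat.S_ISGID:
        failed.append("setgid bit not set")
    return failed

def audit(trusted_dirs=TRUSTED_DIRS):
    """Yield (path, failed) for each regular file carrying setuid or setgid."""
    for d in trusted_dirs:
        try:
            entries = sorted(os.listdir(d))
        except OSError:
            continue  # directory missing or unreadable
        for name in entries:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)  # judge the entry itself, not a symlink target
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path, failed_conditions(
                    path, st.st_mode, st.st_uid, st.st_gid, trusted_dirs)

if __name__ == "__main__":
    for path, failed in audit():
        print(f"{path}: {'; '.join(failed) or 'meets all listed conditions'}")
```

Any file reported as meeting all listed conditions is one that, per the message, a setuid program would accept via LD_PRELOAD, so the list is worth reviewing after package changes.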