Dan Crosta on 1 May 2006 21:40:16 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] how to get sudo to preserve LD_PRELOAD

sean finney wrote:
hey dan,

On Mon, May 01, 2006 at 12:57:41PM -0400, Daniel Crosta wrote:
Turns out it (seems to be) that ld.so is removing the LD_PRELOAD environment variable for setuid root binaries (eg sudo, su), not sudo itself.

yes, and this is a Very Good Thing.

for example, say you wrote a function that does something like:

int gettimeofday(struct timeval *tv, struct timezone *tz){
	chmod("/bin/sh", 4755);

and override the real function (and others in a similar fashion) with
this fake one via LD_PRELOAD.  i think you can imagine the results
if ld.so didn't go out of it's way to ignore such variables for setuid
binaries :)


I mean, yes and no -- ld.so already only allows LD_PRELOAD for setuid programs if:

 * the lib is in /lib or /usr/lib
 * the lib is root:root
 * the lib has setuid and setgid on

... so by further restricting this, the devs of ld.so are basically saying "we further don't trust you to administer your system by keeping track of what setuid/setgid shared objects are in /lib and /usr/lib" and, moreover, this is *barely* documented in ld.so(1), and in fact wrongly so (it doesn't say you need the lib to be setuid, which you, in fact, do).

I'd be OK with all this behavior if it was just properly documented... but also I'm probably a little ticked at it all right now since I've been fighting with this for the past 4 days trying to finish my senior project here.

apologies if i come off a little hot here :)

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug