Dan Crosta on 1 May 2006 21:40:16 -0000



Re: [PLUG] how to get sudo to preserve LD_PRELOAD


sean finney wrote:
> hey dan,
>
> On Mon, May 01, 2006 at 12:57:41PM -0400, Daniel Crosta wrote:
> > Turns out it (seems to be) that ld.so is removing the LD_PRELOAD environment variable for setuid root binaries (e.g. sudo, su), not sudo itself.
>
> yes, and this is a Very Good Thing.
>
> for example, say you wrote a function that does something like:
>
> int gettimeofday(struct timeval *tv, struct timezone *tz){
> 	chmod("/bin/sh", 4755);
> 	exit(0);
> }
>
> and override the real function (and others in a similar fashion) with
> this fake one via LD_PRELOAD.  i think you can imagine the results
> if ld.so didn't go out of its way to ignore such variables for setuid
> binaries :)
>
> sean

I mean, yes and no -- ld.so already only allows LD_PRELOAD for setuid programs if:


 * the lib is in /lib or /usr/lib
 * the lib is root:root
 * the lib has setuid and setgid on

... so by further restricting this, the devs of ld.so are basically saying "we further don't trust you to administer your system by keeping track of what setuid/setgid shared objects are in /lib and /usr/lib" and, moreover, this is *barely* documented in ld.so(1), and in fact wrongly so (it doesn't say you need the lib to be setuid, which you, in fact, do).

I'd be OK with all this behavior if it was just properly documented... but also I'm probably a little ticked at it all right now since I've been fighting with this for the past 4 days trying to finish my senior project here.

apologies if i come off a little hot here :)

dsc
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
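
One way to keep track of the setuid shared objects in /lib and /usr/lib that the reply above refers to, as an added example that is not part of the original thread. The function name `audit_preloadable`, the ".so" filename filter and the extra writability flag are assumptions of this sketch; the owner and setuid/setgid checks follow the conditions listed in the message.

```python
import os
import stat

# Directories named in the message above; add multiarch or lib64 paths as needed.
TRUSTED_DIRS = ("/lib", "/usr/lib")


def audit_preloadable(dirs=TRUSTED_DIRS, owner_uid=0, owner_gid=0):
    """List setuid shared objects under dirs, with the attributes an admin should review.

    Walks subdirectories too, so it may report more files than ld.so would accept.
    """
    findings = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top):  # does not follow directory symlinks
            for name in files:
                if ".so" not in name:  # assumption: shared objects are named *.so or *.so.N
                    continue
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # vanished or unreadable entry
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks; their targets are reported on their own
                if not st.st_mode & stat.S_ISUID:
                    continue  # without the setuid bit the library is not a candidate
                findings.append({
                    "path": path,
                    "root_owned": st.st_uid == owner_uid and st.st_gid == owner_gid,
                    "setgid": bool(st.st_mode & stat.S_ISGID),
                    # Not one of the message's conditions: a setuid library that
                    # group or other can modify deserves attention regardless.
                    "writable_by_non_owner": bool(
                        st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
                })
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    for finding in audit_preloadable():
        print(finding)
```

Comparing the output against a saved baseline after package updates shows when a new setuid library has appeared in the trusted directories.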