netbsd-bugs: Re: bin/2905: setting environment vars from login

Subject: Re: bin/2905: setting environment vars from login
To: None <seebs@solon.com>
From: Mike Long <mike.long@analog.com>
List: netbsd-bugs
Date: 10/30/1996 17:25:44

>Date: Wed, 30 Oct 1996 12:46:52 -0600 (CST)
>From: Peter Seebach <seebs@solon.com>

>But you know, we have a similar problem already....
>
>	LD_LIBRARY_PATH=... login -p sync
>(if you have sync as a login...)
>
>In general, I think this has the potential to be a security bug worth
>looking at...

login is a setuid-root binary.  IIRC, ld.so ignores LD_LIBRARY_PATH
when it loads setuid (& setgid?) dynamic binaries.
-- 
Mike Long <mike.long@analog.com>     <URL:http://www.shore.net/~mikel>
VLSI Design Engineer         finger mikel@shore.net for PGP public key
Analog Devices, CPD Division          CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA       (eq (opinion 'ADI) (opinion 'mike)) -> nil