tech-userlevel archive

Re: suenv

On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
 > In that situation, and perhaps in others, it would be nice if the
 > administrator could configure a trusted environment for setUID
 > binaries. We would need a way to feed a colon-separated list of
 > environment variables (example:
 > LD_PRELOAD=/usr/lib/ I see two ways of dealing
 > with it:
 > 1) lookup in /etc/suenv.d/$progname (probably libc based)
 > 2) use sysctl security.suenv.$progname (kernel based)
 > I like the second one, which is simple to implement and cannot be messed
 > up with incorrect file permissions. I would fix my problem like this:
 > sysctl -w
 > sysctl -w security.suenv.login=LD_PRELOAD=/usr/lib/
 > Opinions?

gods please no.

David A. Holland
