Subject: Re: non-root user executes root shell?
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Ben Collver <collver@peak.org>
List: netbsd-users
Date: 10/03/2004 05:35:05
On Sun, Oct 03, 2004 at 05:19:51AM -0700, Ben Collver wrote:
> 2) /usr/bin/id is dynamically linked to libc, so one could use
> LD_PRELOAD and a libc wrapper to execute arbitrary code.  I am not
> certain about this one.

I should have read the manual before writing this one.  From
ld.elf_so(1):

SECURITY CONSIDERATIONS
The environment variables LD_LIBRARY_PATH and LD_PRELOAD are not honored
when executing in a set-user-ID or set-group-ID environment.  This action
is taken to prevent malicious substitution of shared object dependencies
or interposition of symbols.

Cheers,

Ben
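
The rule in the ld.elf_so(1) excerpt above, sketched in C as an added illustration; it is not part of the original message and is not NetBSD's loader source. It models a set-user-ID or set-group-ID environment as one whose effective IDs differ from the real IDs (a simplifying assumption), and the function names and sample environment are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* The two variables the man page excerpt says are not honored. */
static const char *const ignored_vars[] = { "LD_LIBRARY_PATH", "LD_PRELOAD" };

/* Assumption of this sketch: "set-user-ID or set-group-ID environment"
 * means the effective IDs differ from the real IDs. */
int is_setid_env(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* True only for an exact "NAME=" match, so LD_PRELOADED=... is kept. */
static int is_ignored(const char *entry)
{
    for (size_t i = 0; i < sizeof ignored_vars / sizeof ignored_vars[0]; i++) {
        size_t n = strlen(ignored_vars[i]);
        if (strncmp(entry, ignored_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact a NULL-terminated environment in place, dropping the ignored
 * variables when setid is non-zero. Returns the number dropped. */
int filter_loader_env(char **env, int setid)
{
    int dropped = 0;
    char **out = env;
    for (char **in = env; *in != NULL; in++) {
        if (setid && is_ignored(*in))
            dropped++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return dropped;
}

int main(void)
{
    /* Constructed sample environment; the paths are placeholders. */
    char *env[] = { "PATH=/usr/bin", "LD_PRELOAD=/tmp/wrap.so",
                    "LD_PRELOADED=x", "LD_LIBRARY_PATH=/tmp", NULL };
    int n = filter_loader_env(env, is_setid_env(1000, 0, 100, 100));
    printf("dropped %d\n", n);
    for (char **e = env; *e != NULL; e++)
        puts(*e);
    return 0;
}
```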