[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox-cvs
Subject:    [Bug 4544] $TMPDIR lost on launching a new non-root shell instance when the SUID bit is set
From:       bugzilla () busybox ! net (bugzilla at busybox ! net)
Date:       2011-11-28 3:22:44
Message-ID: 20111128032244.48A458F70B () busybox ! osuosl ! org
[Download RAW message or body]

https://bugs.busybox.net/show_bug.cgi?id=4544

--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com> 2011-11-28 03:22:43 UTC ---
Found this at http://www.win.tue.nl/~aeb/linux/hh/hh-8.html (see ***):

"8.10 Setuid binaries

As a security measure, the glibc library will return NULL for certain
environment variables that influence the semantics of certain libc functions,
when used from a setuid binary. For glibc 2.2.5-2.3.2 the list is
LD_AOUT_LIBRARY_PATH, LD_AOUT_PRELOAD, LD_LIBRARY_PATH, LD_PRELOAD,
LD_ORIGIN_PATH, LD_DEBUG_OUTPUT, LD_PROFILE, GCONV_PATH, HOSTALIASES,
LOCALDOMAIN, LOCPATH, MALLOC_TRACE, NLSPATH, RESOLV_HOST_CONF, RES_OPTIONS,
***TMPDIR***, TZDIR. Glibc 2.3.3 adds LD_USE_LOAD_BIAS. Glibc 2.3.4 adds
LD_DEBUG, LD_DYNAMIC_WEAK, LD_SHOW_AUXV, GETCONF_DIR. (Pity! LD_DEBUG was so
useful in winning races. But the idea of throttling error message output via a
pipe is still useful.) Glibc 2.4 adds LD_AUDIT. Glibc 2.5.1 adds NIS_PATH. Also
MALLOC_CHECK_ is removed, unless /etc/suid-debug exists."


So. The question is: do you use glibc?

I did test uclibc-based static build and $TMPDIR is not cleared there in
scenarios you described.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[prev in list] [next in list] [prev in thread] [next in thread]