List: busybox-cvs
Subject: [Bug 4544] $TMPDIR lost on launching a new non-root shell instance when the SUID bit is set
From: bugzilla () busybox ! net (bugzilla at busybox ! net)
Date: 2011-11-28 3:22:44
Message-ID: 20111128032244.48A458F70B () busybox ! osuosl ! org
https://bugs.busybox.net/show_bug.cgi?id=4544
--- Comment #1 from Denys Vlasenko <vda.linux at googlemail.com> 2011-11-28 03:22:43 UTC ---
Found this at http://www.win.tue.nl/~aeb/linux/hh/hh-8.html (see ***):
"8.10 Setuid binaries
As a security measure, the glibc library will return NULL for certain
environment variables that influence the semantics of certain libc functions,
when used from a setuid binary. For glibc 2.2.5-2.3.2 the list is
LD_AOUT_LIBRARY_PATH, LD_AOUT_PRELOAD, LD_LIBRARY_PATH, LD_PRELOAD,
LD_ORIGIN_PATH, LD_DEBUG_OUTPUT, LD_PROFILE, GCONV_PATH, HOSTALIASES,
LOCALDOMAIN, LOCPATH, MALLOC_TRACE, NLSPATH, RESOLV_HOST_CONF, RES_OPTIONS,
***TMPDIR***, TZDIR. Glibc 2.3.3 adds LD_USE_LOAD_BIAS. Glibc 2.3.4 adds
LD_DEBUG, LD_DYNAMIC_WEAK, LD_SHOW_AUXV, GETCONF_DIR. (Pity! LD_DEBUG was so
useful in winning races. But the idea of throttling error message output via a
pipe is still useful.) Glibc 2.4 adds LD_AUDIT. Glibc 2.5.1 adds NIS_PATH. Also
MALLOC_CHECK_ is removed, unless /etc/suid-debug exists."
So. The question is: do you use glibc?
I did test a uclibc-based static build, and $TMPDIR is not cleared there in
the scenarios you described.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
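A small diagnostic for the question raised in the comment above, added here as an example (it is not part of the original message or of BusyBox): it reports whether the kernel flagged the process as secure-execution via `AT_SECURE` and which of a few variables from the quoted list are still visible to `getenv()`. The `WATCHED` subset and the `pick_tmpdir` helper are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* A few names taken from the list quoted in the comment above. */
static const char *const WATCHED[] = {
    "TMPDIR", "LD_LIBRARY_PATH", "LD_PRELOAD", "GCONV_PATH", "TZDIR"
};
#define N_WATCHED (sizeof WATCHED / sizeof WATCHED[0])

/* Nonzero when the kernel marked this exec as secure-execution mode
 * (set-user-ID / set-group-ID program, or file capabilities). */
static int in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Bitmask of WATCHED entries still visible through getenv(). */
static unsigned visible_mask(void)
{
    unsigned mask = 0;
    for (size_t i = 0; i < N_WATCHED; i++)
        if (getenv(WATCHED[i]) != NULL)
            mask |= 1u << i;
    return mask;
}

/* Hypothetical helper: choose a temp directory without assuming TMPDIR
 * survived. Falls back to /tmp when the process is privileged, or when
 * the value is missing or not an absolute path. */
static const char *pick_tmpdir(int secure, const char *value)
{
    if (secure || value == NULL || value[0] != '/')
        return "/tmp";
    return value;
}

int main(void)
{
    unsigned mask = visible_mask();
    printf("uid=%d euid=%d AT_SECURE=%d\n",
           (int)getuid(), (int)geteuid(), in_secure_mode());
    for (size_t i = 0; i < N_WATCHED; i++)
        printf("%-16s %s\n", WATCHED[i],
               (mask >> i) & 1 ? "visible" : "not set or stripped");
    printf("temp dir: %s\n", pick_tmpdir(in_secure_mode(), getenv("TMPDIR")));
    return 0;
}
```

Building this once against glibc and once against uClibc, then running each copy with `TMPDIR` exported, shows per libc whether the variable reaches the program when `AT_SECURE` is set.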