From kde-devel  Thu May 24 13:33:55 2007
From: "Thiago Macieira" <thiago () kde ! org>
Date: Thu, 24 May 2007 13:33:55 +0000
To: kde-devel
Subject: Re: LD_PRELOAD question
Message-Id: <3209.172.26.0.1.1180013635.squirrel () 172 ! 26 ! 0 ! 1>
X-MARC-Message: https://marc.info/?l=kde-devel&m=118001370516571

Lubos Lunak said:
>  We should probably find a universal solution for this, as this applies to
> more LD_* stuff (LD_LIBRARY_PATH comes to mind). The wrapper could even
> restore them itself, the slight problem is that the list of reset vars for
> setuid apps is hidden somewhere in libc sources and grows over the time.
> An
> obvious solution could be dropping the wrapper, but I'd prefer not to -
> this
> cluebat actually makes OOM conditions to be handled quite fine :(.

Actually, that's not hard to do...

We need a wrapper for the wrapper. One that dumps the environment to a
file and then starts the wrapper. The wrapper, in turn, after dropping its
privileges, resets the environment.

The only thing is that start_kdeinit is meant to be a very small program
to avoid security issues. But it can be done. Read stdin, change the \n to
\0 then build a NULL-terminated index of entries. Pass that to execvpe(3).

That resets all of the environment, regardless of the list that libc keeps
(whichever libc that is, on whichever system).

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358


 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<