[Full-disclosure] DLL hijacking on Linux
tmb at 65535.com
Wed Aug 25 10:58:27 BST 2010
On Wednesday 25 August 2010 10:38:37 Mihai Donțu wrote:
> man sudo(8):
> "Note that the dynamic linker on most operating systems will remove
> variables that can control dynamic linking from the environment of setuid
> executables, including sudo. Depending on the operating system this may
> include _RLD*, DYLD_*, LD_*, LDR_*, LIBPATH, SHLIB_PATH, and others. These
> type of variables are removed from the environment before sudo even begins
> execution and, as such, it is not possible for sudo to preserve them."
Absolutely, but in the case I gave, the path is set /by the script/, not
inherited from the original user. The script sets the dangerous path, but
since sudo hasn't changed the CWD it points at the directory the user running
sudo was in.
<mailto:tmb at 65535.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100825/33240348/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.