Author: JT Smith
The problem: The dynamic linker ld.so uses several environment variables like LD_PRELOAD
and LD_LIBRARY_PATH to load additional libraries or modify the library
search path. It is unsafe to accept arbitrary user specified values
of these variables when executing setuid applications, so ld.so handles
them specially in setuid programs and also removes them from the
environment. The
update is at LWN.net.
and LD_LIBRARY_PATH to load additional libraries or modify the library
search path. It is unsafe to accept arbitrary user specified values
of these variables when executing setuid applications, so ld.so handles
them specially in setuid programs and also removes them from the
environment. The
update is at LWN.net.
Category:
- Linux
