[sudo-users] Keep LD_LIBRAY_PATH
Edward.Schernau at CITIZENSBANK.com
Thu Nov 2 12:55:34 EST 2006
Until someone breaks out of your shell script and ends up at a root
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Russell Van
Sent: Thursday, November 02, 2006 12:39 PM
To: Todd C. Miller
Cc: sudo-users at courtesan.com
Subject: Re: [sudo-users] Keep LD_LIBRAY_PATH
On Thu, Nov 02, 2006 at 09:46:01AM -0500, Todd C. Miller wrote:
> In message <4549F682.4080200 at gmail.com>
> so spake Jan Albrecht (jan.albrecht):
> > I think crle is no option as I have to use on a system eviroment
> > HP-UX, AIX, Linux and Solaris are running. So there must be a system
> > wide solution.
> > Is there no native way by sudo?
> The problem is that most dynamic linkers remove LD_LIBRAY_PATH when
> running a setuid program (like sudo) so by the time sudo runs it
> is not even in the environment.
> If you cannot change the global list of allowed shared library
> locations you can always make a script that just sets the variable
> appropriately and then executes the program that needs it.
> - todd
*nod* I mentioned this a day or two ago... realistically, if you're
using sudo chances are you really don't want to simply blindly pass
through something like LD_LIBRARY_PATH -- the possible nastiness there
is, well... probably outside of this discussion.
It's really best to just write a simple wrapper script and name it
something conscipicuous with regards to the actual executeable:
Russell M. Van Tassell
russell at loosenut.com
Try not to have a good time ... This is supposed to be educational.
-- Charles Schulz
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
Use of email is inherently insecure. Confidential information,
including account information, and personally identifiable
information, should not be transmitted via email, or email
attachment. In no event shall Citizens or any of its affiliates
accept any responsibility for the loss, use or misuse of any
information including confidential information, which is sent to
Citizens or its affiliates via email, or email attachment. Citizens
does not guarantee the accuracy of any email or email attachment,
that an email will be received by Citizens or that Citizens will
respond to any email.
This email message is confidential and/or privileged. It is to be
used by the intended recipient only. Use of the information
contained in this email by anyone other than the intended recipient
is strictly prohibited. If you have received this message in error,
please notify the sender immediately and promptly destroy any
record of this email.
More information about the sudo-users