[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Re: Buffer overflow in Linux's login program

From: wietse porcupine org (Wietse Venema)
To: linux-security redhat com
Subject: Re: [linux-security] Re: Buffer overflow in Linux's login program
Date: Mon, 23 Dec 1996 13:37:37 -0500 (EST)

> [Mod: Just remeber that while by itself suid but does not do much for login,
> it tells ld.so to ignore LD_ variables which can be used to supply a fake
> libc -- alex]

On many systems, ld.so will ignore LD_ variables only when effecive
uid != real uid. In other words,  ld.so does not care if the binary
is set-uid or not, it only looks at the rights of its process.

	Wietse

References:
- Re: [linux-security] Buffer overflow in Linux's login program [Forwarded e-mail from Joe Zbiciak]
  - From: Jon Peatfield

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]