On 09/14/2015 09:42 PM, Michael Kerrisk (man-pages) wrote:
Yury,
On 1 September 2015 at 09:18, Yury Gribov <y.gribov@xxxxxxxxxxx> wrote:
On 08/31/2015 07:12 PM, Maria Guseva wrote:
Hello,
For the purpose of security many ld.so options(e.g. --inhibit-rpath,
LD_LIBRARY_PATH and others) are disabled for secure types of programs.
Current ld.so man page mentions them as set-user-ID/set-group-ID binaries.
However according to GNU libc sources there could be other cases where
__libc_enable_secure is set to non-zero -- when AT_SECURE value is set in
auxiliary vector:
While at it, could you also mention that /etc/suid-debug enables LD_DEBUG
for suids?
Does it? I can't see that in the glibc source. Am I missing something?
I was looking at process_envvars (in rtld.c): it resets dl_debug_mask
for AT_SECURE binaries unless /etc/suid-debug exists.
-Y
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
