Re: LD_LIBRARY_PATH unset

On Wednesday, Aug 16th 2006 at 08:24 -0700, quoth Richard Troy:

=>> From: Steven W. Orr <steveo@xxxxxxxxxxx>
=>>
=>> The LD_LIBRARY_PATH variable should hardly *ever* be set. Please use the
=>> /etc/ld.so.conf file instead. The only time you should be using this
=>> variable is if you are running a program which has a choice at execution
=>> time for which shared library you want to select from.
=>>
=>> Having said all that, the setenv is a csh command and you seem to be
=>> setting your variable in your .bash_profile
=>>
=>> Wrong place dude. If you are running a csh flavored shell then you need to
=>> set it in your ~/.login
=>>
=>
=>Hi Steven,
=>
=>Your post piqued my interest from a security point of view and I'm
=>wondering if you can comment; If /etc/ld.so.conf is set correctly, will
=>LD_LIBRARY_PATH be used? There's a product I'm familiar with that needs
=>to run "arbitrary" code and provides the sys admin a config file in which
=>to set environmental variables such as PATH, IFS, among others - including
=>LD_LIBRARY_PATH - to help reduce the risk that someone will break in using
=>that product. My understanding was that by setting LD_LIBRARY_PATH
=>explicitly to something it would override any previous setting, reducing
=>the risk someone would change out a key library in an attack. ...
=>Comments?

LD_LIBRARY_PATH overrides ld.so.conf unless the program being run is
run by root or if the program is setuid to root. In those cases, the 
variable is ignored. This is for obvious security reasons. The ld.so.conf 
setup is observed regardless of what user you are. The idea is that the 
content of ld.so.conf is set by someone who is root and so is basically 
declaring the entries in that file to be "trusted directories". Note that 
/lib and /usr/lib are not in ld.so.conf at all since they are pre-presumed 
to be trusted.

On Wednesday, Aug 16th 2006 at 12:59 -0400, quoth Mark Heslep:

=>Note that recommendation requires working as root.

Exactly my point. See above :-)

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

_______________________________________________
Redhat-devel-list mailing list
Redhat-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-devel-list
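
The reply above treats the entries in ld.so.conf as directories that root has declared trusted. The following is an added example, not part of the original thread: a shell audit that walks an ld.so.conf-style file and reports listed directories that are missing, not owned by the expected uid, or writable by group or others. The function names `check_dir` and `audit_ld_conf` are hypothetical, and the parser assumes one directory per line and a single pattern per `include` line.

```shell
#!/bin/sh
# Added example (not from the thread): audit the directories that an
# ld.so.conf-style file declares as trusted library locations.
# Assumptions: one directory per line, one pattern per "include" line.

check_dir() {  # $1 = directory, $2 = expected owner uid
    [ -d "$1" ] || { echo "MISSING $1"; return 1; }
    # ls -ldLn prints e.g. "drwxr-xr-x 2 0 0 ..." (numeric uid, symlinks followed)
    info=$(ls -ldLn "$1")
    perms=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    rc=0
    [ "$owner" = "$2" ] || { echo "OWNER uid=$owner $1"; rc=1; }
    # Character 6 of the mode string is group write, character 9 is other write.
    case $perms in ?????w*)    echo "GROUP-WRITABLE $1"; rc=1 ;; esac
    case $perms in ????????w*) echo "WORLD-WRITABLE $1"; rc=1 ;; esac
    return $rc
}

audit_ld_conf() {  # $1 = config file, $2 = expected owner uid (default 0 = root)
    conf=${1:-/etc/ld.so.conf}
    uid=${2:-0}
    status=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 1; }
    while read -r first rest; do
        case $first in
            ''|'#'*) continue ;;
            include)
                # Relative include patterns are resolved against the config's directory.
                case $rest in /*) ;; *) rest=$(dirname "$conf")/$rest ;; esac
                for inc in $rest; do   # unquoted on purpose so the glob expands
                    if [ -f "$inc" ]; then
                        # Subshell keeps this call's variables intact during recursion.
                        ( audit_ld_conf "$inc" "$uid" ) || status=1
                    fi
                done ;;
            *)
                check_dir "$first" "$uid" || status=1 ;;
        esac
    done < "$conf"
    return $status
}

# Typical use on a real system: audit_ld_conf /etc/ld.so.conf 0
```

The function prints one finding per line and returns non-zero if any directory fails a check, so it can gate a configuration-management run or a periodic host audit.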
