File: README.fake

package info (click to toggle)
sdate 0.4
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 1,036 kB
  • ctags: 64
  • sloc: sh: 3,008; ansic: 149; makefile: 65; perl: 18
file content (33 lines) | stat: -rw-r--r-- 1,112 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Security considerations
-----------------------

The following notes on shared libs in fakeroot equally apply to libsdate:

---------8<---------
In /usr/lib/ there's a _SETUID_ libfakeroot.

However, it's a *fake* fakeroot -- it doesn't wrap any `interesting'
functions (check with `nm -D /usr/lib/libfakeroot.so').

It was needed, because we need the LD_LIBRARY_PATH variable set.
But, with it set, $LD_PRELOAD cannot start with a / anymore.
And, if $LD_PRELOAD doesn't start with a slash, then for
some strange reason (BUG, if you ask me), ld.so starts looking
for $LD_PRELOAD, even if the binary is has the suid bit set.

OK, that would be *REALLY* bad (anyone starting `fakeroot su' would
gain root). But, fortunately, ld.so *does* ignore LD_LIBRARY_PATH.
However, now ld.so cannot find the $LD_PRELOAD library any more,
and it refuses to load the binary.


Apparently, the *only* way to fix this, was to put a fake libfakeroot
in /usr/lib/libfakeroot.so, and set it's suid bit.

So, that's why.

Annoyed is,
joostje.
--------->8---------

 -- Christoph Berg <cb@df7cb.de>, Thu, 4251 Sep 1993 23:40:19 +0100