Roland McGrath <[EMAIL PROTECTED]> writes: > > > In Unix, if I run setuid program foo, and foo runs program bar, then > > > the dynamic loader, noticing that ruid!=euid, will ignore LD_PRELOAD, > > > etc., when loading bar. (Right?) This is because LD_PRELOAD is under > > > the control of a user different from the one whose privileges we have > > > now. Isn't the same true for the Hurd? > > > > Well, we don't have LD_PRELOAD. :) > > Yes, we do, and yes, it behaves just the same. Same goes for LD_LIBRARY_PATH > and other such things.
I thought there was some special Linux widget in the dynamic loader that we don't support. Maybe that's just long gone. Anyhow, the point is a good one with respect to environment variables, and perhaps we should enable EXECSERVERS with the suggested tweak, that it is off for secure exec and for euid!=ruid. Alternatively, perhaps we should have *all* cases of euid!=ruid turn on the secure exec flag. _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
