Xref: sserve comp.unix.programmer:20127 comp.unix.questions:55107 comp.unix.bsd:14900
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!EU.net!sun4nl!fwi.uva.nl!not-for-mail
From: casper@fwi.uva.nl (Casper H.S. Dik)
Newsgroups: comp.unix.programmer,comp.unix.questions,comp.unix.bsd
Subject: Re: Q: set user ID bit and shared libraries
Date: 16 Sep 1994 11:02:23 +0200
Organization: FWI, University of Amsterdam
Lines: 25
Distribution: world
Message-ID: <35bmuv$t6i@mail.fwi.uva.nl>
References: <Cw6Dq0.G76@Newbridge.COM>
NNTP-Posting-Host: mail.fwi.uva.nl
Keywords: UID, shared libraries

shayman@Newbridge.COM (Scott Hayman) writes:

>My question is this: does an executable with its UID bit set search
>for shared libraries, or does it only try to find it where it was
>built? Is there a way to build an executable with its UID bit set so
>that it can find a shared library in the current directory, even if
>the current directory won't be the same on all machines?

It does use the directories specified with -L (-R on Solaris)
*except* when you specify relative pathnames.

This is to prevent the following from causing security problems:

	-L../../lib/libfoo -lfoo -L/usr/foo/lib
	^look here at link time  ^^here at runtime.

A user can make the directory lib/libfoo, cd there and add a libfoo there.
The set-uid executable will now use that libfoo and security is breached.
This was an actual problem in X11 builds.

So, the answer is NO: the set-uid executable cannot be built to find the
library in the current directory, unless you know beforehand what the
directory is going to be.

Casper
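
An added example, not part of the original post: a check for the condition Casper describes, written for ELF systems where `readelf -d` (binutils) shows the embedded RPATH/RUNPATH. The function names, the sample path and the sample `readelf` output are constructed for illustration.

```python
import re
import stat

# Matches the RPATH / RUNPATH lines printed by binutils `readelf -d`.
_RUNPATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def non_absolute_runpath_entries(readelf_dynamic: str) -> list[tuple[str, str]]:
    """Return (tag, entry) for every embedded search-path entry that is not absolute."""
    findings = []
    for line in readelf_dynamic.splitlines():
        m = _RUNPATH_RE.search(line)
        if not m:
            continue
        tag, value = m.groups()
        for entry in value.split(":"):
            # Flag every entry that is not an absolute path. This includes empty
            # entries and token forms such as $ORIGIN, which this sketch does
            # not try to expand.
            if not entry.startswith("/"):
                findings.append((tag, entry))
    return findings


def audit(path: str, mode: int, readelf_dynamic: str) -> list[str]:
    """Report non-absolute entries, but only for set-uid / set-gid files."""
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    return [
        f"{path}: {tag} entry {entry!r} is not an absolute path"
        for tag, entry in non_absolute_runpath_entries(readelf_dynamic)
    ]


# Constructed sample: `readelf -d` output for a hypothetical set-uid binary
# linked with the two directories from the post.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libfoo.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [../../lib/libfoo:/usr/foo/lib]
"""

if __name__ == "__main__":
    # 0o104755 = regular file, set-uid bit set, rwxr-xr-x (constructed mode).
    for finding in audit("/usr/local/bin/example", 0o104755, SAMPLE):
        print(finding)
```

In practice the `mode` argument would come from `os.stat(path).st_mode` and the text from running `readelf -d` on the same file.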