tech-userlevel archive
Re: suenv
On Tue, Oct 23, 2012 at 04:31:52PM +0200, Emmanuel Dreyfus wrote:
> In that situation, and perhaps in others, it would be nice if the
> administrator could configure a trusted environment for setUID
> binaries. We would need a way to feed a colon-separated list of
> environment variables (example:
> LD_PRELOAD=/usr/lib/libpthread.so:FOO=bar). I see two ways of dealing
> with it:
> 1) lookup in /etc/suenv.d/$progname (probably libc based)
> 2) use sysctl security.suenv.$progname (kernel based)
>
> I like the second one, which is simple to implement and cannot be messed
> up with incorrect file permissions. I would fix my problem like this:
> sysctl -w security.suenv.su=LD_PRELOAD=/usr/lib/libpthread.so
> sysctl -w security.suenv.login=LD_PRELOAD=/usr/lib/libpthread.so
>
> Opinions?
gods please no.
--
David A. Holland
dholland%netbsd.org@localhost