gnats/435: exec of setuid root program loses some environment variables
From: jhenson
Subject: gnats/435: exec of setuid root program loses some environment variables
Date: Wed, 20 Nov 2002 15:59:05 -0500
>Number: 435
>Notify-List:
>Category: gnats
>Synopsis: exec of setuid root program loses some environment variables
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Nov 20 15:59:05 -0500 2002
>Originator: Jimmy Henson
>Release: glibc-2.2.5
>Organization:
Connecterra.com
>Environment:
i686, RH7.3, ? , glibc-2.2.5
>Description:
Certain environment variables are removed from the environment of an exec'ed
program, when that program is owned by root with the setuid bit set.
One such variable is LD_LIBRARY_PATH. But this is OK: it is known that setuid
programs delete LD_LIBRARY_PATH from the environment list. (See
/usr/src/redhat/SOURCES/glibc-2.2.5/sysdeps/generic/unsecvars.h)
The bug is that the environment variables G, H, L, M, N, R, and T are also
deleted from the environment. Suspiciously, these happen to be exactly the set
of initial letters of the variables listed in unsecvars.h...
>How-To-Repeat:
Please see attachment.
>Fix:
Unknown
>Unformatted:
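
The attachment referenced under How-To-Repeat is not included on this page. The probe below is an added example, not the submitter's attachment or glibc code: it sets the single-letter variables A through Z, execs a target, and the target reports which of them are missing from its environment. The names `set_probe_vars`, `missing_probe_vars` and the `--launch` option are hypothetical.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Put A..Z into the current environment with a marker value. */
static void set_probe_vars(void)
{
    char name[2] = "A";
    for (char c = 'A'; c <= 'Z'; c++) {
        name[0] = c;
        setenv(name, "probe", 1);
    }
}

/* Collect the single-letter names A..Z that are absent from envp into
   out (at least 27 bytes) and return how many are missing. */
int missing_probe_vars(char *const envp[], char out[27])
{
    int seen[26] = {0}, n = 0;
    for (; envp && *envp; envp++) {
        const char *e = *envp;
        /* Count only names that are exactly one upper-case letter. */
        if (e[0] >= 'A' && e[0] <= 'Z' && e[1] == '=')
            seen[e[0] - 'A'] = 1;
    }
    for (int i = 0; i < 26; i++)
        if (!seen[i])
            out[n++] = (char)('A' + i);
    out[n] = '\0';
    return n;
}

int main(int argc, char *argv[])
{
    char lost[27];
    if (argc == 3 && strcmp(argv[1], "--launch") == 0) {
        set_probe_vars();               /* parent side: seed A..Z */
        execl(argv[2], argv[2], (char *)NULL);
        perror("execl");
        return 2;
    }
    int n = missing_probe_vars(environ, lost);   /* exec'ed side: report */
    printf("uid=%d euid=%d missing=%d [%s]\n", (int)getuid(), (int)geteuid(), n, lost);
    return n ? 1 : 0;
}
```

Build it dynamically linked, install a second copy owned by root with the setuid bit set, and run the first copy as an ordinary user with `--launch` pointing at the second. A loader without the reported behaviour prints `missing=0`.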