Proposing to host system-auth-agent in fdo

Carlos Perello Marin carlos at
Mon Oct 18 02:24:29 EEST 2004

On Sun, 2004-10-17 at 17:38 -0400, David Collier-Brown wrote:
> Carlos Garnacho <carlosg at> wrote:
> >>I'm not saying this is an root exploit or anything, just that the actual
> >>check for authenticating which apps are allowed to start root apps isn't
> >>secure. You still have to type in the root password (unless it was
> >>cached...)
> > 
> > 
> > Ok, the program that uses the API could still be affected by LD_PRELOAD,
> > but let's suppose the next scenario:
> > 
> > Joe tries to do weird stuff, writes a .so file that replaces getuid()
> > calls to impersonate Frank and tries to run "rm -rf /", runs
> > control-center with LD_PRELOAD
> > 
> > 1) system-auth-manager will still know which is the calling user, as it
> > isn't affected by LD_PRELOAD
> > 
> > 2) system-auth-manager will check that user Joe is allowed to run the
> > "rm" command, if he isn't, the root password will be requested, and the
> > whole LD_PRELOAD won't be effective at all. 
> 	Will Linux load an LD_PRELOAD from a non-root-owned
> 	directory tree for a setuid executable?

Linux will ignore LD_PRELOAD with any setuid executable.

> 	That's one of the checks that the "Linker Aliens" (the
> 	dynamic linker team at Sun, who I used to work with)
> 	asked to be made part of the security standard for
> 	If not, what's the appropriate list to discuss **that** on?

No idea, but as I said (and others in this thread), Linux will never use
LD_PRELOAD if the executable is setuid. That could be a really BIG
security hole :-)


> --dave (former professional paranoid) c-b
Carlos Perelló Marín
Ubuntu Warty (PowerPC)  =>
Linux Registered User #121232
mailto:carlos at || mailto:carlos at
Valencia - Spain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : 

More information about the xdg mailing list