>>>>> "Don" == Don Dugger <n0ano@valinux.com> writes: Don> That's a pretty stong argument for not using the environment Don> variable approach. If we go with using a hard coded path, like Don> `/usr/ia32', then there is no security hole. This just becomes Don> another tree that has to have protected files the same way `/' Don> needs protected files. I don't see the problem for environment variables either, LD_IA32_PATH should just be treated like LD_LIBRARY_PATH and do magic for suid binaries. On the other hand if the sysadmin allows you to overwrite /usr/ia32/lib then you are in the same situation as if the user can overwrite /usr/lib ;-) Cheers JesReceived on Mon Sep 10 02:27:04 2001
This archive was generated by hypermail 2.1.8 : 2005-08-02 09:20:05 EST