Hi, I feel I need to provide more context for the LD_PRELOAD issue. Yes, I'm well aware that set[ug]id programs ignore LD_PRELOAD and the other LD_* environment variables. The context is a software license manager. A commercial software organization wants to protect its software with a license manager which relies on accurate time information. Any user of the system, including root, must be viewed as a potential cracker. This is not your usual security issue. Now, any license manager can be spoofed, from as blunt an attack as changing the system time to sophisticated reverse-engineering attacks on the license manager binary. The issue is to prevent "cheap" attacks -- if attacking the license manager is expensive enough, people won't bother (or they'll find other avenues of attack. :-)) Changing the system time introduces all kinds of problems, so most potential license abusers won't do it. A two-line shell script with a 6-line C program is a very cheap attack on a dynamically-linked license manager daemon. Attacking a statically-linked license manager binary is quite a bit more expensive, and should greatly reduce the incentive for an attack. -- David F. Skoll
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:53 PDT