Professional Web Applications Themes

Failed to find the shared library when SUID is set? - UNIX Programming

I have a executable(-rwxr-xr-x) calling the oracle library. Its owner is a normal user USERA and the LD_LIBRARY_PATH is set correctly in the user's $HOME/.profile. Now every user can execute the file as long as they set the correct LD_LIBRARY_PATH variable. But after a SUID bit is set to the file(-rwsr-xr-x), the other users will be unable to execute the file because of failure to load the shared library which is in $LD_LIBRARY_PATH, even though the use's .profile is the same as the USERA's. My question is why does this happen? Does dlopen have some special usage of SUID? Thank ...

  1. #1

    Default Failed to find the shared library when SUID is set?

    I have a executable(-rwxr-xr-x) calling the oracle library.
    Its owner is a normal user USERA and the LD_LIBRARY_PATH is set
    correctly in the user's $HOME/.profile.

    Now every user can execute the file as long as they set the correct
    LD_LIBRARY_PATH variable. But after a SUID bit is set to the
    file(-rwsr-xr-x), the other users will be unable to execute the file
    because of failure to load the shared library which is in
    $LD_LIBRARY_PATH, even though the use's .profile is the same as the USERA's.

    My question is why does this happen? Does dlopen have some special usage
    of SUID?

    Thank you in advance.
    --
    Steven Ding
    dwj<at>asia.com
    Steven Guest

  2. #2

    Default Re: Failed to find the shared library when SUID is set?

    I'm sorry. I should have searched on Google. :p
    It is because of a security problem.
    Thanks.

    Steven Ding wrote: 


    --
    Steven Ding
    dwj<at>asia.com
    Steven Guest

  3. #3

    Default Re: Failed to find the shared library when SUID is set?

    In article <c120fu$proxy.lucent.com>,
    Steven Ding <com> wrote: 

    I think you can fix this by writing a C or shell wrapper. In ksh, I think
    this will work (I am saying "I think" because I don't want to take the time
    to test it, right now):

    #!/bin/ksh -p
    # Make this shell script setuid (yes, it works, if you specify -p)
    export LD_LIBRARY_PATH=...
    exec non_setuid_binary
    Kenny Guest

Similar Threads

  1. shared library
    By Gustavo Thiesen in forum Macromedia Flex General Discussion
    Replies: 0
    Last Post: April 1st, 07:15 PM
  2. Creating a shared library
    By Stu in forum AIX
    Replies: 3
    Last Post: January 14th, 03:10 PM
  3. help solaris thread+shared library with shared memory
    By inderjeet in forum UNIX Programming
    Replies: 4
    Last Post: December 15th, 05:03 PM
  4. Replies: 0
    Last Post: July 9th, 07:42 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139