views:

296

answers:

2

Consider this scenario in which an executable A.bin uses libY.so and libZ.so. A.c, Y.c and Z.c are all written in C. Z.c and Y.c are compiled into respective .so files.

This is the directory structure of the files

$home/bin/A.bin $home/lib/libY.so $home/lib/libZ.so

When I run A.bin as normal user, A.bin runs normally as expected. Note: $LD_LIBRARY_PATH contains $home/lib

I changed some code in A.c adding some functionality which needs admin privileges(like binding to a port less than 1000). I set the setuid bit for A.bin, libY.so and libZ.so to rwsrwsrws, and change the ownership of the files to root. When I try to run A.bin, I get the following error

ld.so.1: A.bin: fatal: libY.so: open failed: No such file or directory Killed

When I just remove the setuid permission from all those files, then the binary runs except for the functionality fails where it needs root privileges.

How to overcome this problem ?

Edit: The OS is Solaris 5.10

+2  A: 

In some Unix variants, suid executables have some security features like ignoring LD_LIBRARY_PATH, checking ownership and access rights on the executable and used shared libraries,... I don't remember the case of Solaris, but you should probably check that.

AProgrammer
*Any* UNIX-like OS has to ignore LD_LIBRARY_PATH for setuid binaries, otherwise it's a security hole you could drive a truck through.
caf
+2  A: 

As AProgrammer said, while executing setuid programs, $LD_LIBRARY_PATH is ignored. Hence the path has to be hardcoded in the executable itself using this flag while linking

gcc -R $home/lib

The -R flag builds runtime search path list into executable.

Reference: http://www.justskins.com/forums/loading-shared-libraries-from-a-setuid-program-116597.html

Saradhi