topic Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature? in Operating System - Linux

HP/UX dynamically load library fail on SetUID program - Bug or Feature?

appx software — Fri, 15 Mar 2013 01:57:10 GMT

Hi,

I seem to be unable to dynamically load libraries when I'm running a setUID program (chmod 4775)

For example my program called "runme" has the following permissions:

-rwsrwxr-x 1 runme sys

When I have the following environment variables set:

LD_LIBRARY_PATH=/opt/oracleinstantclient/instantclient_10_2/
LD_PRELOAD=/usr/lib/hpux32/libpthread.so.1:/opt/oracleinstantclient/instantclient_10_2/libnnz10.so

The program fails and will not load the library, however, when I remove the setuid permission (chmod 0775 runme) the application works fine.

Question, is this behavior a bug in HP/UX or a feature (security feature perhaps, not letting dynamic libraries load on setuid programs).

My OS:
$ uname -a
HP-UX itanic B.11.23 U ia64

Cheers!

P.S. This thread has been moved from Itanium Based - Experts Online Now!!! to HP-UX > languages - HP Forums moderator

Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?

BR936864 — Mon, 22 Jan 2007 04:48:40 GMT

It's a security feature in recent versions of HP-UX; the shared library path environment variables are ignored for setuid/setgid programs, as described in the man page for ld(1).

If you have the September 2005 Quality Pack patch bundle installed, you can specifiy a list of trusted paths in /etc/dld.sl.conf. If a path in an environment variable is a trusted path, it will be searched for libraries as usual. (The usual security caveats apply, of course.)

Andy

Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?

appx software — Mon, 22 Jan 2007 08:18:14 GMT

Great, thanks much.