Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?

appx software · ‎01-19-2007

Hi,

I seem to be unable to dynamically load libraries when I'm running a setUID program (chmod 4775)

For example my program called "runme" has the following permissions:

-rwsrwxr-x 1 runme sys

When I have the following environment variables set:

LD_LIBRARY_PATH=/opt/oracleinstantclient/instantclient_10_2/
LD_PRELOAD=/usr/lib/hpux32/libpthread.so.1:/opt/oracleinstantclient/instantclient_10_2/libnnz10.so

The program fails and will not load the library, however, when I remove the setuid permission (chmod 0775 runme) the application works fine.

Question, is this behavior a bug in HP/UX or a feature (security feature perhaps, not letting dynamic libraries load on setuid programs).

My OS:
$ uname -a
HP-UX itanic B.11.23 U ia64

Cheers!

P.S. This thread has been moved from Itanium Based - Experts Online Now!!! to HP-UX > languages - HP Forums moderator

BR936864 · ‎01-21-2007

It's a security feature in recent versions of HP-UX; the shared library path environment variables are ignored for setuid/setgid programs, as described in the man page for ld(1).

If you have the September 2005 Quality Pack patch bundle installed, you can specifiy a list of trusted paths in /etc/dld.sl.conf. If a path in an environment variable is a trusted path, it will be searched for libraries as usual. (The usual security caveats apply, of course.)

Andy

appx software · ‎01-22-2007

Great, thanks much.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?

HP/UX dynamically load library fail on SetUID program - Bug or Feature?

Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?

Re: HP/UX dynamically load library fail on SetUID program - Bug or Feature?