Thanks for your reply.
On 7/31/07, olafBuddenhagen@gmx.net <olafBuddenhagen@gmx.net> wrote:
> (1) Should we disable the overriding mechanism for SUID or SGID
> processes (e.g. substituting *__secure_getenv* for *getenv*).
Good question actually. I've no idea :-(
In theory, the user should not be able to run a server that has more
authority than the standard server. I'm not sure however how much stuff
relies on the behaviour of the servers -- whether there are situations
where a server behaving differently than the default implementation
could cause a suid program to do something it normally wouldn't do...
I think it is dangerous anyway if an ordinary user can affect the behaviour of a privileged process through environment variables, especially since the overriding takes place in Glibc, so the suid program may be blind to this. Consider a suid program that relies on the information (like network configuration in the case of socket servers) returned by a default server to make some security decisions ...
Regards,
Wei Shen
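
The guard discussed in this thread, as an added example that is not part of the original e-mails and is not Glibc's or the Hurd's code: an environment override for a server path is honoured only when the process is not running SUID/SGID. The variable name `EXAMPLE_SOCKET_SERVER`, the default path and the function names are hypothetical, and the real/effective id comparison is a simplified stand-in for the secure-mode check behind `__secure_getenv`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names, constructed for this example only. */
#define OVERRIDE_VAR   "EXAMPLE_SOCKET_SERVER"
#define DEFAULT_SERVER "/example/default-server"

/* A process runs with elevated privilege when an effective id differs
 * from the corresponding real id (the SUID/SGID case). */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int running_privileged(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Like getenv(), but the caller-controlled environment is ignored
 * entirely when the process is privileged. Empty values count as unset. */
const char *guarded_getenv(const char *name, int privileged)
{
    if (privileged)
        return NULL;
    const char *value = getenv(name);
    return (value != NULL && *value != '\0') ? value : NULL;
}

/* Pick the server to talk to: the user's override if it is allowed,
 * otherwise the system default. */
const char *select_server(int privileged)
{
    const char *override = guarded_getenv(OVERRIDE_VAR, privileged);
    return override != NULL ? override : DEFAULT_SERVER;
}

int main(void)
{
    setenv(OVERRIDE_VAR, "/tmp/user-server", 1); /* constructed sample value */
    printf("this process:   %s\n", select_server(running_privileged()));
    printf("if SUID/SGID:   %s\n", select_server(1));
    return 0;
}
```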