Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: question about libclntsh.so

Re: question about libclntsh.so

From: Jens Schweikhardt <usenet_at_schweikhardt.net>
Date: 19 Dec 2002 08:07:10 GMT
Message-ID: <atrune$d4o$1@newsfeed.pit.comms.marconi.com> 





In comp.unix.programmer Homer Wells <hwells_at_no.spam.to> wrote:

# 
# music4 wrote:
#> "Jens Schweikhardt" <usenet_at_schweikhardt.net> wrote in message




#>>Yes; setuid programs will not search some random LD_LIBRARY_PATH for

#>>libraries for security reasons. Just think of someone setting

#>>LD_LIBRARY_PATH to include his home directory and putting his own

#>>libc.so there. Unlimited power if there is a dynamically linked

#>>setuid root binary on the system (and usually there are dozens).

#>>

#>>You have to put your libclntsh.so in the restricted LD_LIBRARY_PATH or

#>>run your app as user oracle with su or sudo, say.


#> 
#> Thans for Jens's answer. That's reasonable. But where is the restricted
#> LD_LIBRARY_PATH?
# 
# These details are platform dependent and you didn't mention your 
# platform. On Solaris, "man ld.so.1" and "man crle". Search for "SECURITY".





If your platform is not solaris you can do a little bit of second
guessing by using ldd on common programs. Wherever your libc.so is,
this is probably among the trusted directories.



Regards,



        Jens

-- 
Jens Schweikhardt  http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)


Received on Thu Dec 19 2002 - 02:07:10 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US