super , keep LD_LIBRARY_PATH

sanyechong12 at live.com sanyechong12 at live.com
Wed Apr 1 01:41:23 UTC 2015 

Thanks a lot.
After checking the super document carefully, it seems like there's no easy way to slove this problem with super.

Then I try to excute shell export before my script. It works:
$ export LD_LIBRARY_PATH=/whatever/

But when I use python to set the LD_LIBRARY_PATH, it failed:
os.environ["LD_LIBRARY_PATH"] = /whatever/

The code above is working well directly, but not in super command:
$ su admin
$ super bzytest  

Regards
Shuai

> Date: Tue, 31 Mar 2015 13:51:54 +0200
> From: simon.raffeiner at kit.edu
> To: sanyechong12 at live.com; ubuntu-devel-discuss at lists.ubuntu.com
> Subject: Re: super , keep LD_LIBRARY_PATH
> 
> Hi,
> 
> you can't. The variable is not removed by super or sudo, but by the
> dynamic linker for security reasons.
> 
> 
> From the manpage of ld.so(8):
> 
> "LD_LIBRARY_PATH
>  A colon-separated list of directories in which to search for ELF
> libraries at execution-time.  Similar to the PATH environment variable.
>  Ignored in set-user-ID and set-group-ID programs."
> 
> 
> The corresponding source code line is
> https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=41b91fcc86664b39ea8c0ce5ed35109ab494c925;hb=HEAD#l817
> , the __libc_enable_secure flag gets set when a binary is executed
> setuid root and prevents the use of untrusted paths LD_LIBRARY_PATH. The
> list of trusted paths is generated at compile time, so you can't change
> it later.
> 
> 
> I have never used super and the only solution I know is the following:
> 
> 
> $ export LD_LIBRARY_PATH=/whatever/
> $ sudo LD_LIBRARY_PATH=${LD_LIBRARY_PATH} env
> 
> 
> 
> kind regards,
> 
> Simon
> 
> 
> 
> 
> On 31.03.2015 10:13, sanyechong12 at live.com wrote:> Hi everybody!
> >     How can I keep the enviromet variable LD_LIBRARY_PATH when I excute
> > a super command?
> >
> >     I have modified /etc/super.tab:
> >     :global env=PATH,LD_LIBRARY_PATH,PYTHONPATH
> >     bzytest /root/test admin
> >
> >     /root/test:
> >     #!/bin/bash
> >     export
> >
> >     I can get PATH, PYTHONPATH kept. But LD_LIBRARY_PATH is not.
> >
> >     Forgive my bad english.
> >
> >     Best wishes
> >
> 
> >
> >     Shuai
> >     sanyechong12 at live.com
> 
> 
> -- 
> Karlsruhe Institut of Technology (KIT)
> Steinbuch Centre for Computing (SCC)
> 
> M. Sc. Simon Raffeiner
> High Performance Computing Administrator
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20150401/08cd2376/attachment.html>

More information about the Ubuntu-devel-discuss mailing list