|
|
|
|
|
|
by lixtra
2594 days ago
|
|
|
This reminds me of the LD_PRELOAD security measure [1]. However the solution there, to always set it to a sane default, appears superior. Can't you set the search path for SECURITY DEFINER to a saner default unless specified? [1] https://manpages.debian.org/wheezy/manpages/ld-linux.so.8.en... LD_PRELOAD
A whitespace-separated list of additional,
user-specified, ELF shared libraries to be
loaded before all others. This can be used
to selectively override functions in other
shared libraries. For setuid/setgid ELF
binaries, only libraries in the standard
search directories that are also setgid
will be loaded.
|
|
|