
Re: Compile-time options



On Mon, Jun 28, 1999 at 02:37:23PM +0400, Victor Wagner wrote:
> 1. ssh.
>   Ssh can be compiled with SOCKS support. Most people don't need it but I
>  recently encountered a situation, when I can access outside world only via
>  Windows proxy server. runsocks script doesn't help, because ssh is suid
>  binary and LD_PRELOAD doesn't work on it. 

It can work.  LD_PRELOAD _is_ honored for suid programs if the library is
specified without a path and is found in a "trusted" library path (/lib,
/usr/lib, or an entry in ld.so.conf).  According to some reports, there may
be other necessary conditions, which may differ depending on the version of
libc, such as the library being root owned, executable, and setuid.

Another option is to put the library in /etc/ld.so.preload, which will cause
it to be preloaded by every dynamic binary.  Be sure the library is
reliable, because if it has an error you won't be able to run anything!

Assuming that the socks package already puts its library in a trusted
directory, a trivial change should allow socksify to work on setuid
programs.  I suggest that someone figure out how to do so and file a bug
against the socks package.  (I do not have it installed, but I have given a
similar patch to the dante developer.)

(There is no relevant documentation.  Ulrich Drepper told me to read the
source but I haven't gotten around to it.  Searches on
comp.os.linux.developer.system and BUGTRAQ archives will get some hits.)

Andrew

-- 
Don't forget that Linux became only possible because 20 years of OS
research was carefully studied, analyzed, discussed and thrown away.
- kernel hacker Ingo Molnar
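
An audit of the two mechanisms described in the message above, as an added example that is not part of the original post: it lists set-user-ID libraries sitting directly in trusted library directories and checks each entry of an ld.so.preload-style file. The function names and status words are hypothetical; the directory and file paths are the ones the message names.

```shell
#!/bin/sh
# Added audit sketch (not from the original message): which libraries can end
# up preloaded into setuid programs, and is the global preload list sane?

# Print set-user-ID shared objects located directly in the given library
# directories. No recursion: a bare LD_PRELOAD name is looked up in the
# search directories themselves. -H follows a symlinked directory argument.
suid_preload_candidates() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -H "$dir" -maxdepth 1 -type f -name '*.so*' -perm -4000
    done | sort
}

# Check every entry of an ld.so.preload-style file ($1). Whitespace and ':'
# are treated as separators and '#' starts a comment. Prints "STATUS path":
#   MISSING   entry does not resolve to a regular file
#   WRITABLE  file is group- or world-writable, so a non-owner could change
#             code that is loaded into every dynamic binary
#   OK        neither of the above
audit_preload_file() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | tr ': \t' '\n\n\n' | while read -r lib; do
        [ -n "$lib" ] || continue
        if [ ! -f "$lib" ]; then
            echo "MISSING $lib"
        elif [ -n "$(find -L "$lib" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $lib"
        else
            echo "OK $lib"
        fi
    done
}

# Report for the paths named in the message.
suid_preload_candidates /lib /usr/lib
audit_preload_file /etc/ld.so.preload
```

Directories listed in ld.so.conf can be passed to `suid_preload_candidates` as further arguments.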

