Closed xfoobar closed 3 years ago
tianon
commented
3 years ago Interesting, although I'm not able to reproduce? Maybe there's something more to how you're using it (or how it was built) that's causing this behavior? Any more details you can provide?
$ sudo env -i LD_LIBRARY_PATH=/tmp ./gosu-amd64 0:0 /usr/bin/env
LD_LIBRARY_PATH=/tmp
HOME=/root
xfoobar
commented
3 years ago Interesting, although I'm not able to reproduce? Maybe there's something more to how you're using it (or how it was built) that's causing this behavior? Any more details you can provide?
$ sudo env -i LD_LIBRARY_PATH=/tmp ./gosu-amd64 0:0 /usr/bin/env LD_LIBRARY_PATH=/tmp HOME=/root
before I test:
# login as root
# allow normal users to use gosu
chmod a+s /usr/local/sbin/gosu
# switch to a normal user
su - normal_user
# execute test script
./test.shWhoa, full stop. Please do not ever set the sticky bit on gosu -- you might as well just install sudo and give every potential user on the entire system passwordless access.
xfoobar
commented
3 years ago Whoa, full stop. Please do not ever set the sticky bit on
gosu-- you might as well just installsudoand give every potential user on the entire system passwordless access.
Well, I actually want to switch to any user (include root) when using PODMAN_USERNS=keep-id in the podman container , sudo cannot be used because the user name and uid at the time of execution cannot be predicted, could you give me some other suggestions? Thanks.
tianon
commented
3 years ago Honestly feels a bit like https://xyproblem.info/ -- what is it you're actually trying to accomplish? What's the underlying problem you're hoping to solve?
xfoobar
commented
3 years ago Thanks, I solved this problem by configuring ldconfig.
tianon
commented
3 years ago I guess https://unix.stackexchange.com/a/48549/153467 explains why the variable gets stripped (it's not something we can fix -- it's inherent to setuid binaries).
Version:1.13 The LD_LIBRARY_PATH variable will be lost after executing gosu.
Example: test.sh
output: