Re: Environment Variable Not passed to Make

[Paul D. Smith]

%% "James W. McKelvey" <address@hidden> writes:

  jwm> I notice that the environment variable LD_LIBRARY_PATH is not
  jwm> passed to make like all the other variables. The value is always
  jwm> null!

  jwm> This is very weird, since I can't find any reference to it in the
  jwm> make code. There is no reference in the info or man pages to any
  jwm> special treatment.

The kernel is doing this.

You must have installed GNU make as a setuid or setgid application.
On many systems, when the kernel sees that it is about to invoke a
setuid or setgid application it will automatically remove
LD_LIBRARY_PATH from the environment first.

The security implications of failing to do this should be quite
apparent.

  jwm> Linux alpha1 2.4.9-31 #1 Tue Feb 26 06:07:30 EST 2002 alpha unknown

Hmm.

This is disturbing.

The only reason GNU make might be installed setgid of its own accord is
if your system requires this in order to determine the system load.  GNU
make requires this knowledge in order to implement the -l option.  Many
older systems could not find the load on the system except by reading
the actual kernel memory (typically /dev/kmem).  Obviously this is a big
security risk and so required special privileges (typically belonging to
the group "kmem").

However, GNU make's configure script should detect if you have a safer
way to find the system load and use that instead: no Linux system,
regardless of hardware platform, should ever require setgid kmem
permissions for this.

Obviously, the autoconf script that checks this is deficient :(.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <address@hidden>          Find some GNU make tips at:
 http://www.gnu.org                      http://www.paulandlesley.org/gmake/
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist