Przemyslaw Frasunek wrote:
> ld.so from Solaris 9 and 10 doesn't check LD_AUDIT environment variable when
> running s[ug]id binaries, allowing to run arbitrary code with elevated
> privileges. Well, I can't belive, that such trivial vulnerability exists in
> modern OS...
[...]

Oh, well, it's not th...

[ more ]