Re: LD_LIBRARY_PATH

I guess this is a little off topic, but anyhow...

See:
man 8 ld.so
man 8 ldconfig

LD_LIBRARY_PATH is generally harmless.  Set inside a user's .profile, it
allows a user to have user-specific searchable lib directories in addition to
global lib directories kept in /etc/ld.so.conf and/or a globally set
LD_LIBRARY_PATH.

You can just put the postgresql lib directory in /etc/ld.so.conf and run
ldconfig.

Recently, I was starting to run two versions of postgres on the same
computer, so I had to take the lib out of /etc/ld.so.conf and start putting
it into user .profiles' LD_LIBRARY_PATH.  Some users will use one pg lib
directory for one version of postgres, and other users have a different pg
lib dir in LD_LIBRARY_PATH so that the right libraries are used for the
different versions installed.  Likewise, users of different versions of pg
have different $PGHOME, $PGLIB, $PGDATA, $PGPORT, and $PATH settings so that
the right versions are executed on their paths.  Each version/instance has to
use a different port.

The only danger that I could imagine, if it is even possible, is some local
users compiling their own versions of system libraries with compromising code
in them.  Then, putting those libs in their LD_LIBRARY_PATH and running a
program that uses those libs and is suid root.  Again, I'm not sure that kind
of breach is possible though or if it is, how to lock down an environment
variable so it can't be abused.


On Wednesday 27 December 2000 12:40, Chris Hayner wrote:
> hello all.
>
> I suppose I should introduce myself, since I am new around here, and as
> such will probably be asking a lot of silly questions. I apologize for
> that in advance. My name is Chris Hayner and I work for Temple University
> doing various work on all flavors of UNIX. My current task is to work with
> postgreSQL, specifically on binding it to various LDAP services and
> replacing mySQL for this task.
> My question relates to the LD_LIBRARY_PATH problem discussed in number
> eight on the INSTALL tasks of the recently installed 7.0.3
>
> What I really want to know is how others have gotten around this
> problem. Everything I have read says that setting this env variable is a
> bad and dangerous thing to do, but I need a large amount of users to be
> able to access and use the database engine. Any help on this problem would
> be greatly appreciated.
>
> Thank you for your time,
> ch

--
-------- Robert B. Easter  reaster@comptechnews.com ---------
- CompTechNews Message Board   http://www.comptechnews.com/ -
- CompTechServ Tech Services   http://www.comptechserv.com/ -
---------- http://www.comptechnews.com/~reaster/ ------------