Bugtraq mailing list archives

Re: Another ld-linux.so problem

From: solar () FALSE COM (Solar Designer)
Date: Sat, 7 Feb 1998 22:39:40 -0300


Hello,

It's much simpler than that:

$ LD_PRELOAD=libdoesntexist /bin/su
/bin/su: error in loading shared libraries
libdoesntexist: cannot open shared object file: No such file or directory

  libraries that are installed on the system should be well written,
  and it should be safe for them to be specified in LD_PRELOAD.

I am quite surprised by this attitude, and I think I've thought of 3
situations where this behaviour of the dynamic linkers may _possibly_
create security problems.


Is there a reason for this limited LD_PRELOAD support for setuid binaries,
does something depend on it? It looks like this was done intentionally...

Anyway, here's a patch for ld-linux.so 1.9.5 that I just did:

--- boot1.c.orig        Mon Jul 21 16:45:35 1997
+++ boot1.c     Sat Feb  7 20:17:44 1998
@@ -525,7 +525,7 @@
     else
     {
       _dl_secure = 1;
-      _dl_preload = _dl_getenv("LD_PRELOAD", envp);
+      _dl_unsetenv("LD_PRELOAD", envp);
       _dl_unsetenv("LD_AOUT_PRELOAD", envp);
       _dl_unsetenv("LD_LIBRARY_PATH", envp);
       _dl_unsetenv("LD_AOUT_LIBRARY_PATH", envp);

(This is only to fix the LD_PRELOAD problem, not the load-old-version one.)

Signed,
Solar Designer

Current thread:

Re: Windows 95 Serv-U FTP bug, (continued)
- Re: Windows 95 Serv-U FTP bug tl (Feb 05)
  - Re: Windows 95 Serv-U FTP bug Alan Thew (Feb 06)
  - SMB signing NT chall / response Mudgenski Von Splat (Feb 06)
  - L0pht Advisory - NT port binding vulnerability Weld Pond (Feb 06)
  - An update on MS private key (in)security issues Aleph One (Feb 06)
  - Another ld-linux.so problem Solar Designer (Feb 06)
    - CERT Advisory CA-98.04 - NT.WebServers Phillip R. Jaenke (Feb 06)
    - Re: CERT Advisory CA-98.04 - NT.WebServers David LeBlanc (Feb 06)
    - serious security hole in KDE Beta 3 Tudor Bosman (Feb 06)
    - Re: Another ld-linux.so problem joost witteveen (Feb 07)
    - Re: Another ld-linux.so problem Solar Designer (Feb 07)
    - Re: Another ld-linux.so problem carson () tla org (Feb 07)
    - Re: Another ld-linux.so problem Aleph One (Feb 08)
    - www-sql cgi prog overrides .htaccess restrictions. Mr LEROY christophe (Feb 09)
    - Re: www-sql cgi prog overrides .htaccess restrictions. Stunt Pope (Feb 09)
    - SNI-24: IDS Vulnerabilities Secure Networks Inc. (Feb 09)
    - AIX/Gradient iFOR/LS bug: follows symlinks Joerg Schumacher (Feb 09)
    - Re: AIX/Gradient iFOR/LS bug: follows symlinks Troy A. Bollinger (Feb 09)
    - CFP - Recent Advances in Intrusion Detection (RAID'98) Marc Dacier (Feb 10)
    - IBM-ERS Security Vulnerability Alert: IBM AIX: Insecure temporary ibm-ers () ERS IBM COM (Feb 10)
    - Re: Another ld-linux.so problem Roman Drahtmueller (Feb 08)

(Thread continues...)