Bugtraq mailing list archives
Re: Another ld-linux.so problem
From: aleph1 () DFW DFW NET (Aleph One)
Date: Sun, 8 Feb 1998 15:39:10 -0600
On Sat, 7 Feb 1998 carson () TLA ORG wrote:
Yes. SOCKSifying stupid protocols that require binding ports <1024, for example. Assuming you install libsocks5_sh.so in /usr/lib, you can do: $ (export LD_PRELOAD=/usr/lib/libsocks5_sh.so; rsh machine.outside.firewall pwd) and have it work. This is basically what the runsocks script does.
Another example: installing a library that overides mktemp, tempnam and other dangerous library functions with more secure ones. So the feature is indeed useful. The correct behavior should be for the dynamic linker to give up at the first error. Alternatively you should be able to configure such libraries via the configuration file instead of an environment variable. You cant do so now as far as I can tell.
-- Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- SMB signing NT chall / response, (continued)
- SMB signing NT chall / response Mudgenski Von Splat (Feb 06)
- L0pht Advisory - NT port binding vulnerability Weld Pond (Feb 06)
- An update on MS private key (in)security issues Aleph One (Feb 06)
- Another ld-linux.so problem Solar Designer (Feb 06)
- CERT Advisory CA-98.04 - NT.WebServers Phillip R. Jaenke (Feb 06)
- Re: CERT Advisory CA-98.04 - NT.WebServers David LeBlanc (Feb 06)
- serious security hole in KDE Beta 3 Tudor Bosman (Feb 06)
- Re: Another ld-linux.so problem joost witteveen (Feb 07)
- Re: Another ld-linux.so problem Solar Designer (Feb 07)
- Re: Another ld-linux.so problem carson () tla org (Feb 07)
- Re: Another ld-linux.so problem Aleph One (Feb 08)
- www-sql cgi prog overrides .htaccess restrictions. Mr LEROY christophe (Feb 09)
- Re: www-sql cgi prog overrides .htaccess restrictions. Stunt Pope (Feb 09)
- SNI-24: IDS Vulnerabilities Secure Networks Inc. (Feb 09)
- AIX/Gradient iFOR/LS bug: follows symlinks Joerg Schumacher (Feb 09)
- Re: AIX/Gradient iFOR/LS bug: follows symlinks Troy A. Bollinger (Feb 09)
- CFP - Recent Advances in Intrusion Detection (RAID'98) Marc Dacier (Feb 10)
- IBM-ERS Security Vulnerability Alert: IBM AIX: Insecure temporary ibm-ers () ERS IBM COM (Feb 10)
- Re: Another ld-linux.so problem Roman Drahtmueller (Feb 08)
- ld confusion Aleph One (Feb 10)
- Re: ld confusion Cristian Gafton (Feb 11)