oss-sec mailing list archives
Hardening the linker (was Re: [oss-security] CVE request: CouchDB insecure library loading (Debian/Ubuntu only))
From: Tim Brown <timb () nth-dimension org uk>
Date: Sun, 29 Aug 2010 16:10:48 +0100
For those of you that missed it, this was actually reported by Dan off the back of a blog post by me describing the generic case:

http://www.nth-dimension.org.uk/blog.php?id=87

I'm well aware that the linker is a tool and that it can be misused (as in this case) but is anyone aware of a good reason why empty directory specifications in LD_LIBRARY_PATH, PATH et al are treated as $PWD? The only times I've seen empty specifications it's because of bugs such as the one Dan has reported.

Is there a case to look at hardening the dynamic linker to reject empty specifications; there's not much that one can do where someone has explicitly set a stupid LD_LIBRARY_PATH?

I appreciate that this might have some unwanted outcomes (such as breaking compatibility with other POSIX-alike OS) but sometimes there's a good argument for breaking compatibility if it increases security (some of the various grsec kernel and GCC compiler hardening changes would be good examples here).

Tim
--
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>
Attachment:
signature.asc
Description: This is a digitally signed message part.
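A check for the empty entries discussed in the message above, as an added example that is not part of the original post or of any project mentioned in it; the function names and sample values are constructed here. It flags empty entries in a colon-separated search path such as LD_LIBRARY_PATH or PATH (and, going slightly beyond the message, relative ones), rebuilds the value without them, and shows a prepend that leaves no trailing colon when the old value is unset.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values constructed.

# Print "<position> empty" or "<position> relative <entry>" for each risky
# entry. A wholly empty value is treated as having no entries (assumption).
audit_search_path() {
    rest=$1
    idx=0
    [ -n "$rest" ] || return 0
    while :; do
        idx=$((idx + 1))
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            '') printf '%d empty\n' "$idx" ;;   # leading, trailing or doubled ':'
            /*) ;;                              # absolute: not flagged
            *)  printf '%d relative %s\n' "$idx" "$entry" ;;
        esac
        [ "$more" -eq 1 ] || break
    done
}

# Rebuild the value keeping only absolute entries, in their original order.
clean_search_path() {
    rest=$1
    out=
    [ -n "$rest" ] || return 0
    while :; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            /*) out=${out:+$out:}$entry ;;
        esac
        [ "$more" -eq 1 ] || break
    done
    printf '%s\n' "$out"
}

# Prepend $1 to the old value $2. The naive form "$1:$2" yields a trailing
# ':' (an empty entry) whenever $2 is unset or empty; this form does not.
prepend_dir() {
    printf '%s\n' "$1${2:+:$2}"
}
```

A wrapper script can call `audit_search_path "$LD_LIBRARY_PATH"` just before it execs the real binary and refuse to continue if anything is printed.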
Current thread:
- CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Dan Rosenberg (Aug 25)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Tomas Hoger (Aug 26)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Josh Bressers (Aug 26)
- Hardening the linker (was Re: [oss-security] CVE request: CouchDB insecure library loading (Debian/Ubuntu only)) Tim Brown (Aug 29)