Vulnerability Development mailing list archives
Re: /lib/ld-2.2.4.so
From: Eric Rostetter <eric.rostetter () physics utexas edu>
Date: Tue, 23 Apr 2002 09:12:43 -0500
Quoting Sabau Daniel <draven () UBBCluj Ro>:
This file gives users the ability of running binaries on witch the user doesn't have the permission to execute, it is enough to have read ability on the file in order to execute it: -rwxr-xr-- 1 root root 45948 Aug 9 2001 /bin/ls but using the /lib/ld-2.2.4.so file i can execute the ls command: [08:51:36][draven@Zero:~]:$/lib/ld-2.2.4.so /bin/ls / bin bzImage bzImage3 bzImage5 dev home lib mnt proc sbin usr boot bzImage2 bzImage4 bzImage6 etc initrd misc opt root tmp var
This is a old, known issue. I've known about it for about 2 years, and I'm sure others have known about it longer. It makes an appearance on a mailing list about once a year. I know of no solution though to all the problems this brings up. -- Eric Rostetter eric.rostetter () physics utexas edu Hey Rocky! Watch me pull a rabbit from my hat!
Current thread:
- /lib/ld-2.2.4.so Sabau Daniel (Apr 22)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 24)
- Re: /lib/ld-2.2.4.so Marlon Jabbur (Apr 24)
- Re: /lib/ld-2.2.4.so Eric Rostetter (Apr 24)
- Re: /lib/ld-2.2.4.so Olaf Kirch (Apr 24)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Kurt Seifried (Apr 25)
- Re: /lib/ld-2.2.4.so Robert A. Seace (Apr 25)
- nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Anibal Ambertin (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) c0n (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Bill Weiss (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Jim Nanney (Apr 26)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Florian Weimer (Apr 26)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 24)
- Re: /lib/ld-2.2.4.so FozZy (Apr 24)