Vulnerability Development mailing list archives
Re: /lib/ld-2.2.4.so
From: "Robert A. Seace" <ras () slartibartfast magrathea com>
Date: Tue, 23 Apr 2002 06:37:37 -0400 (EDT)
In the profound words of Sabau Daniel:
or:
lrwxrwxrwx 1 root root 11 Apr 15 12:01 /lib/ld-linux.so.2 -> ld-2.2.4.so
This file gives users the ability of running binaries on which the user doesn't have the permission to execute, it is enough to have read ability on the file in order to execute it:
[snip...]
I'm running a 2.4.18 kernel with grsecurity-1.9.4 patch on a Red Hat Linux 7.2 box, but I've succeeded running this file on different Linux boxes and I've been successful. Please, if anyone knows how to eliminate this hole in my security, give me a reply. If I try to change the mode on /lib/ls-2.2.4.so to 700, the users will not be able to login on my Linux box, so this is not a solution :)
How is that a "hole", exactly? If you have read permission on a binary, what is to prevent you from just copying it to a writable directory and changing its mode to be executable, then running the copy?? Isn't that just as effective? Or, can the above be used to execute setuid binaries (while getting the increased privs, of course), as well? If so, then MAYBE it's worth a mention... However, the real solution would be to make sure you have no binaries on your system which users have read access to, but not execute access to... Such a situation doesn't make a lot of sense... The reverse is sometimes seen (execute but no read perms), but if you don't want them to execute it, why on Earth should you want them to read it??

--
||========================================================================||
|| Rob Seace || URL || ras () magrathea com ||
|| AKA: Agrajag || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'" - THGTTG
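One way to audit for the situation the reply describes (binaries that users can read but not execute), as an added example that is not part of the original message. The function names `is_elf` and `audit_read_noexec` are hypothetical, and the script assumes "binary" means a regular file starting with the ELF magic bytes that the owner or group may execute.

```shell
#!/bin/sh
# Added example: list ELF binaries that "other" users can read but not
# execute, although the owner or group can. Withholding only the execute
# bit does not restrict such a file, because a reader can copy it or pass
# it to the dynamic loader, as the thread discusses.

# is_elf FILE: succeeds if FILE begins with the ELF magic (0x7f 'E' 'L' 'F').
is_elf() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# audit_read_noexec DIR: print each regular ELF file under DIR whose mode
# grants other-read (004) without other-execute (001) while the owner (100)
# or group (010) may execute it. Paths containing newlines are not handled.
audit_read_noexec() {
    find "$1" -type f -perm -004 ! -perm -001 \
        \( -perm -100 -o -perm -010 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_elf "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Audit every directory named on the command line, if any.
for d in "$@"; do
    audit_read_noexec "$d"
done
```

Each path reported is a candidate for either removing other-read or accepting that other users can run the code.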