Bugtraq mailing list archives
Re: a point is being missed
From: mdr () vodka sse att com (Mark D Riggins)
Date: Fri, 10 Nov 1995 12:01:29 -0500
I've read a little code on SVR4 to investigate and maybe help settle this shared lib issue. Here's what I found: 1) The LD_RUN_PATH option to the linker gives more lattitude than you may be aware of. The linker adds this path to the a.out at compile time. The dynamic linker gives it precendence over any environment flags such as LD_LIBRARY_PATH. So vendors could specify an LD_RUN_PATH of /usr/add-on/lib:/usr/lib:/usr/ccs/lib to allow extensibility w/o compromising security. A properly set LD_RUN_PATH is as secure as a statically linked binary because it will resolve all libraries from trusted directories. As long as all necessary libraries are present, there will be no means of attack. If the hacker gets write-access to /usr/lib, you've been toast for a long time by then. I don't know, but assume that similar functionality exists on other UNIX derivatives that support shared libs. 2) setuid files are not immune from LD_LIBRARY_PATH *if* they are executed by the owner. The check is not made on the file permission bits, it rather checks to see that getuid() == geteuid(). So if a daemon running as real and effective root gets its environment hosed, you're toast. Also some seem to feel that read access to shared libraries is a security problem. Why? Aren't these readily available for inspection on many accessible hosts? If you see some other reason, please let me know, I'm interesting in investigating it. Mark Riggins Secure Systems Engineering AT&T Bell Labs
Current thread:
- Re: a point is being missed, (continued)
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed Scott Barman (Nov 06)
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed der Mouse (Nov 04)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Mike Neuman (Nov 08)
- Re: a point is being missed Scott Barman (Nov 08)
- Re: a point is being missed Bruce Montrose (Nov 09)
- Re: a point is being missed System Administrator (Nov 10)
- Re: a point is being missed Dan Stromberg - OAC-DCS (Nov 09)
- Re: a point is being missed Mark D Riggins (Nov 10)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed Dr. Frederick B. Cohen (Nov 21)