Bugtraq mailing list archives
Re: Dump a mode --x--x--x binary on Linux 2.0.x
From: luyer () UCS UWA EDU AU (David Luyer)
Date: Wed, 16 Sep 1998 11:18:47 +0800
The question of whether being able to retrieve an exact copy of a mode 111 binary by a simple LD_PRELOAD is a bug or not has been raised. I think that it is a bug in that it's something that some programs depend on not being possible, and yet it is possible. I've only ever installed one program which installed mode 111 (a restrictively-licensed program distributed as source) but I expect if I didn't try to keep to the rule of only using programs with available source I'd have more of them. I think permitting this _is_ clearly a linker bug. Unreadable binaries should be protected against preloads and varied library paths when run by someone who can't read them the same way SUID programs are considered to have access to privileged data and hence protected. The fact some programs install mode 111 means that it is expected to protect the binary. The fact that you can't core dump or directly read a mode 111 binary means that there is an expectation of security. Yet with the trivial little program I posted here as a preload you can reconstruct the binary. And with a slight variation you can maintain it as an installed signal handler (install it from getpid() and override the singal-setting syscall to prevent it being changed and yet to return the "correct" answers to the program) you *can* core-dump the binary. A third variation is to override all syscalls with wrapper routines to implement a poor-man's PTRACE. Basically, there are three things often done to secure a mode 111 binary at the OS level, and LD_PRELOAD allows (except on statically linked binaries) to avoid all three of them. Being able to override the expectations of those programs which are installed mode 111 _is_ a security problem in that it violates expected semantics and that when a given Unix variant makes any attempt to enforce these semantics it should make sure it completely enforces them, instead of giving a false sense of security. Sound like "security by obscurity" to anyone? David.
Current thread:
- Dump a mode --x--x--x binary on Linux 2.0.x David Luyer (Sep 14)
- Re: Dump a mode --x--x--x binary on Linux 2.0.x Alan Cox (Sep 15)
- Re: Dump a mode --x--x--x binary on Linux 2.0.x Casper Dik (Sep 15)
- <Possible follow-ups>
- Re: Dump a mode --x--x--x binary on Linux 2.0.x David Luyer (Sep 15)
- Re: Dump a mode --x--x--x binary on Linux 2.0.x Neale Banks (Sep 16)
- Re: Dump a mode --x--x--x binary on Linux 2.0.x Martin Mares (Sep 17)
- Re: Dump a mode --x--x--x binary on Linux 2.0.x Alan Cox (Sep 15)