Bugtraq mailing list archives
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: aj () ARTHUR RHEIN-NECKAR DE (Andreas Jaeger)
Date: Wed, 25 Aug 1999 08:06:36 +0200
Michal Zalewski writes:
> First of all, something more or less personal - sorry to all secure () pl people for this post. I'm really angry, as this stuff became well-known without my knowledge... so, only a few of my own observations, always trying to respect others' intellectual property.
>
> All the best goes to el- :P
>
> ----------------------------------------------
> glibc 2.1.x and Linux without devpts mechanism
> ----------------------------------------------
Please report glibc problems to the glibc developers first!

/usr/libexec/pt_chown --help outputs:
[...]
Report bugs using the `glibcbug' script to <bugs () gnu org>.

I didn't see any report on this on any glibc list! :-( I'm forwarding this now.
> ------------------------------
> glibc 2.0.x and LC_ALL, noexec
> ------------------------------
>
> Compromise: locally, doing things you shouldn't be able to do ;)
>
> First of all - doing /lib/ld-linux.so.2 /program/on/noexec/partition is the simplest way to bypass noexec option, if only you have glibc 2.0.x. Nothing to say, security by obscurity stinks.
>
> Clean glibc 2.0.x, as distributed in .tar.gz, are vulnerable to a rather serious problem with LC_ALL containing '../' tricks (just like in telnetd and TERM case). In fact, in some Linux distributions, it has been silently fixed, while people upgrading glibc to e.g. 2.0.7 'from scratch' are not aware of this problem, and many sites are vulnerable. Using a prepared directory with locale specifications, including glibc error messages used e.g. by perror(), luser will be able to for example read setuid programs' memory, etc.
AFAIK those problems are fixed in glibc 2.1.x - if not please tell us.

Andreas
--
Andreas Jaeger
aj () arthur rhein-neckar de  jaeger () informatik uni-kl de
for pgp-key finger ajaeger () aixd1 rhrk uni-kl de
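
The LC_ALL '../' problem discussed in the message above is input that a setuid program can refuse on its own before it calls setlocale(). The following C code is an added example of that application-side check, not code from the original posting or from glibc; the function names, the list of variables and the 64-byte length limit are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables that select locale data; the list is this example's choice. */
static const char *const locale_vars[] = {
    "LC_ALL", "LC_COLLATE", "LC_CTYPE", "LC_MESSAGES", "LC_MONETARY",
    "LC_NUMERIC", "LC_TIME", "LANG", "LANGUAGE", NULL
};

/* Return 1 if v looks like a plain locale name (e.g. "pl_PL.ISO-8859-2"),
 * 0 if it could be interpreted as a path: any '/', any "..", odd bytes,
 * or an implausible length (64 is an assumed limit). */
int locale_value_is_safe(const char *v)
{
    if (v == NULL || *v == '\0')
        return 1;                       /* unset or empty: default locale */
    if (strlen(v) > 64 || strchr(v, '/') || strstr(v, ".."))
        return 0;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("_.@-:", *v))
            return 0;
    return 1;
}

/* Remove every unsafe locale variable from the environment.
 * Call before setlocale() in a privileged program. Returns the count removed. */
int scrub_locale_env(void)
{
    int removed = 0;
    for (size_t i = 0; locale_vars[i] != NULL; i++) {
        const char *v = getenv(locale_vars[i]);
        if (v != NULL && !locale_value_is_safe(v)) {
            unsetenv(locale_vars[i]);
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    setenv("LC_ALL", "../../tmp/constructed-locale", 1);  /* constructed input */
    printf("removed %d unsafe locale variable(s)\n", scrub_locale_env());
    return 0;
}
```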