Bugtraq mailing list archives
Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG
From: Jim Paris <jim () jtan com>
Date: Fri, 20 Aug 2004 03:24:53 -0400
Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidentional information.
It's worse than that. You can essentially single-step through the library calls of a binary by turning on verbose debugging through LD_DEBUG and then carefully controlling stdout so that the program blocks while writing the debugging output. I've used this to exploit race conditions in setuid binaries that would otherwise be nearly impossible to trigger. Gentoo's method of adding LD_DEBUG to UNSECURE_ENVVARS will prevent this. -jim
Current thread:
- [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Kurt Lieber (Aug 17)
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Jim Paris (Aug 20)
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Solar Designer (Aug 21)
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Jim Paris (Aug 20)