oss-sec mailing list archives
Re: ldd can execute an app unexpectedly
From: Tim Brown <tmb () 65535 com>
Date: Tue, 8 Mar 2011 00:46:05 +0000
On Tuesday 08 March 2011 00:00:11 Dmitry V. Levin wrote:
> In June of 2002, I suggested to change ldd to avoid invoking programs directly, even when it seems like that would work, and invoke the dynamic linker as a program instead. This change was implemented at least in Owl and ALT Linux:
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/glibc-2.3.6-owl-alt-ldd.diff
> http://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=788577027d2950e9508a434475e04c3af864d169
A slight tangent to this but IIRC there was some suggestion that allowing files to be mapped to memory with execute permissions when called in this manner was something that should be considered a bug/feature to be fixed in order to bring ld.so into line with how execution happens more generally. I think Tavis or stealth mentioned it to me regarding the suggestion in my paper that an attacker could execute binaries in this manner to bypass situations when the binary didn't, for whatever reason, have +x. I guess it should be possible to fix both cases but it's something that needs to be considered.

Tim
--
Tim Brown <mailto:tmb () 65535 com>
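An added example, not part of the original message or of the Owl/ALT patch: when ldd invokes a program directly, the kernel starts the loader named in the file's PT_INTERP header rather than one ldd chose, so this check reads that header without executing anything. `TRUSTED_LOADERS`, the function names and the sample ELF bytes are assumptions constructed for illustration.

```python
import struct

PT_INTERP = 3
# Assumption: the loaders this host trusts; adjust per distribution and architecture.
TRUSTED_LOADERS = {"/lib64/ld-linux-x86-64.so.2", "/lib/ld-linux.so.2"}

def elf_interp(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF" or len(data) < 6 or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF file")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    # Header field offsets differ between ELF64 and ELF32.
    word, phoff_at, phent_at = ("Q", 0x20, 0x36) if is64 else ("I", 0x1C, 0x2A)
    off_at, size_at = (8, 32) if is64 else (4, 16)
    try:
        (phoff,) = struct.unpack_from(end + word, data, phoff_at)
        phentsize, phnum = struct.unpack_from(end + "HH", data, phent_at)
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", data, base)
            if p_type == PT_INTERP:
                (off,) = struct.unpack_from(end + word, data, base + off_at)
                (size,) = struct.unpack_from(end + word, data, base + size_at)
                if off + size > len(data):
                    raise ValueError("PT_INTERP points outside the file")
                return data[off:off + size].split(b"\0", 1)[0].decode("utf-8", "replace")
    except (struct.error, OverflowError) as exc:
        raise ValueError("truncated or corrupt ELF headers") from exc
    return None

def ldd_verdict(data):
    """Classify a file before anyone points ldd at it; nothing is executed."""
    try:
        interp = elf_interp(data)
    except ValueError:
        return "reject: malformed or not ELF"
    if interp is None:
        return "static: no interpreter requested"
    return "ok: trusted loader" if interp in TRUSTED_LOADERS else "reject: untrusted loader " + interp

def sample_elf64(interp):
    """Constructed test input: ELF64 little-endian header plus one PT_INTERP segment."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```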