Penetration Testing mailing list archives
Re: KEYWORDS: shared objects, dynamic linking,
From: Sebastian Jaenicke <tsa () jaenicke org>
Date: Sat, 20 Oct 2001 20:31:11 +0200
Hi, On Sat, Oct 20, 2001 at 02:13:23PM +0300, Aycan Irican wrote: [..]
[aycan@mars doc]$ uname -a Linux deadbeef 2.4.12 #13D SMP Wed Oct 17 11:54:46 CEST 2001 i586 unknown [aycan@mars doc]$ ls -al /usr/X11R6/bin/xlock -r-sr-xr-x 1 root root 1406536 May 3 12:49 /usr/X11R6/bin/xlock I couldn't see any path when I looked at objdump output ...so I think I can export my LD_RUN_PATH variable to inject MY OWN libXpm.so.4 magically :) what I'm doing wrong here? is it possible to inject suspicious shared objects so suid program is compromised?
[..] AFAIK the system doesn't honor your LD_LIBRARY_PATH with dynamically linked suid/sgid-binaries. Otherwise, a compromise would be way too easy. ;-) Sebastian -- Sebastian Jaenicke whois pgpkey-18AC0BE4 () whois ripe net|perl -ne's-^certif: +--&&print'
Attachment:
_bin
Description:
Current thread:
- KEYWORDS: shared objects, dynamic linking, Aycan Irican (Oct 20)
- Re: KEYWORDS: shared objects, dynamic linking, Sebastian Jaenicke (Oct 20)
- <Possible follow-ups>
- Re: KEYWORDS: shared objects, dynamic linking, Dave Aitel (Oct 20)