Vulnerability Development mailing list archives
Re: /lib/ld-2.2.4.so
From: Bill Weiss <houdini () nmt edu>
Date: Wed, 24 Apr 2002 01:04:15 -0600
Sabau Daniel(draven () UBBCluj Ro)@Mon, Apr 22, 2002 at 09:43:32AM +0300: --snip--
the important thing is to include a full path in the binary name to be able to execute it. in the same way i've managed to run the ptrace exploit on a nosuid partition i'm running a 2.4.18 kernel with grsecurity-1.9.4 patch on a Red Hat Linux 7.2 box, but i've succeded running this file on different linux boxes and i've been succesfull, please if anyone know how to eliminate this hole in my security give me a replay. If i try to change the mode on /lib/ls-2.2.4.so to 700, the users will not be able to login on my linux box, so this is not a solution:)
That's an odd problem. On one hand, it's bad that it "executes" things on a noexec partition. On the other, the file that is executing is ld-*, and it's just reading in a file and executing the contents. This is how it has to work, so it's not as simple as just not doing that. Something to note: It ignores SUID bits. This is good. Given that the program (library, whatever) is doing what's intended, there's not an obvious fix. It could check to make sure you have execute access to the file, but I think that would break things. If you're running a shell, it's probably time to move past the simple restrictions of noexec and nosuid. -- Bill Weiss
Current thread:
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...), (continued)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) c0n (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Bill Weiss (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Jim Nanney (Apr 26)
- Re: /lib/ld-2.2.4.so Florian Weimer (Apr 26)
- Re: /lib/ld-2.2.4.so FozZy (Apr 24)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 25)
- Re: /lib/ld-2.2.4.so SpaceWalker (Apr 26)
- Re: /lib/ld-2.2.4.so Michal Zalewski (Apr 25)
- Re: /lib/ld-2.2.4.so Olaf Kirch (Apr 25)
- Re: /lib/ld-2.2.4.so Pavel Kankovsky (Apr 24)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Birger Toedtmann (Apr 24)
- Re: /lib/ld-2.2.4.so Dmitry Alyabyev (Apr 25)
- Re: /lib/ld-2.2.4.so Michal PodsednĂk (Apr 24)
- Re: /lib/ld-2.2.4.so Robert A. Seace (Apr 24)
- Re: /lib/ld-2.2.4.so jove (Apr 24)
- Re: /lib/ld-2.2.4.so Tompa Septimius Paul (Apr 25)