Vulnerability Development mailing list archives
Re: /lib/ld-2.2.4.so
From: Birger Toedtmann <birger () takatukaland de>
Date: Tue, 23 Apr 2002 08:37:34 +0200
Sabau Daniel schrieb am Mon, Apr 22, 2002 at 09:43:32AM +0300:
or: lrwxrwxrwx 1 root root 11 Apr 15 12:01 /lib/ld-linux.so.2 -> ld-2.2.4.so This file gives users the ability of running binaries on witch the user doesn't have the permission to execute, it is enough to have read ability on the file in order to execute it: -rwxr-xr-- 1 root root 45948 Aug 9 2001 /bin/ls but using the /lib/ld-2.2.4.so file i can execute the ls command: [08:51:36][draven@Zero:~]:$/lib/ld-2.2.4.so /bin/ls / bin bzImage bzImage3 bzImage5 dev home lib mnt proc sbin usr boot bzImage2 bzImage4 bzImage6 etc initrd misc opt root tmp var i do not have root preveleges on this account: [08:51:38][draven@Zero:~]:$id uid=1000(draven) gid=10(wheel) groups=10(wheel),16(trust)
I cannot reproduce this behaviour: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) # ls -l /bin/ls -rwxr-x--- 2 root root 45948 Aug 9 2001 /bin/ls # exit $ id uid=500(birger) gid=500(birger) groups=500(birger) $ ls bash: /bin/ls: Permission denied $ /lib/ld-2.2.4.so /bin/ls /bin/ls: error while loading shared libraries: /bin/ls: cannot open shared object file: Permission denied $ uname -r 2.4.18 $ cat /etc/redhat-release Red Hat Linux release 7.2 (Enigma) So it has either something to do with the groups you're in (wheel?) or grsececurity is doing something weird to your kernel - or its both ;-) - which means, no, I don't have grsecurity in my kernel setup. And be sure /lib/ld-2.2.4.so has no "s" bit set somewhere, the default is 755. Regards, Birger
Current thread:
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...), (continued)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Bill Weiss (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Jim Nanney (Apr 26)
- Re: /lib/ld-2.2.4.so Florian Weimer (Apr 26)
- Re: /lib/ld-2.2.4.so FozZy (Apr 24)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 25)
- Re: /lib/ld-2.2.4.so SpaceWalker (Apr 26)
- Re: /lib/ld-2.2.4.so Michal Zalewski (Apr 25)
- Re: /lib/ld-2.2.4.so Olaf Kirch (Apr 25)
- Re: /lib/ld-2.2.4.so Pavel Kankovsky (Apr 24)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Birger Toedtmann (Apr 24)
- Re: /lib/ld-2.2.4.so Dmitry Alyabyev (Apr 25)
- Re: /lib/ld-2.2.4.so Michal PodsednĂk (Apr 24)
- Re: /lib/ld-2.2.4.so Robert A. Seace (Apr 24)
- Re: /lib/ld-2.2.4.so jove (Apr 24)
- Re: /lib/ld-2.2.4.so Tompa Septimius Paul (Apr 25)