Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Another ld-linux.so problem
From: solar () FALSE COM (Solar Designer)
Date: Sat, 7 Feb 1998 22:39:40 -0300

Hello,


It's much simpler than that:

$ LD_PRELOAD=libdoesntexist /bin/su
/bin/su: error in loading shared libraries
libdoesntexist: cannot open shared object file: No such file or directory



  libraries that are installed on the system should be well written,
  and it should be safe for them to be specified in LD_PRELOAD.

I am quite surprised by this attitude, and I think I've thought of 3
situations where this behaviour of the dynamic linkers may _possibly_
create security problems.


Is there a reason for this limited LD_PRELOAD support for setuid binaries,
does something depend on it? It looks like this was done intentionally...

Anyway, here's a patch for ld-linux.so 1.9.5 that I just did:

--- boot1.c.orig        Mon Jul 21 16:45:35 1997
+++ boot1.c     Sat Feb  7 20:17:44 1998
@@ -525,7 +525,7 @@
     else
     {
       _dl_secure = 1;
-      _dl_preload = _dl_getenv("LD_PRELOAD", envp);
+      _dl_unsetenv("LD_PRELOAD", envp);
       _dl_unsetenv("LD_AOUT_PRELOAD", envp);
       _dl_unsetenv("LD_LIBRARY_PATH", envp);
       _dl_unsetenv("LD_AOUT_LIBRARY_PATH", envp);

(This is only to fix the LD_PRELOAD problem, not the load-old-version one.)

Signed,
Solar Designer

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]