Penetration Testing mailing list archives

Re: KEYWORDS: shared objects, dynamic linking,
From: Sebastian Jaenicke <tsa () jaenicke org>
Date: Sat, 20 Oct 2001 20:31:11 +0200


On Sat, Oct 20, 2001 at 02:13:23PM +0300, Aycan Irican wrote:
>       [aycan () mars doc]$ uname -a
>       Linux deadbeef 2.4.12 #13D SMP Wed Oct 17 11:54:46 CEST 2001 i586       unknown
>       [aycan () mars doc]$ ls -al /usr/X11R6/bin/xlock
>       -r-sr-xr-x   1 root     root      1406536 May  3 12:49 /usr/X11R6/bin/xlock
>
> I couldn't see any path when I looked at objdump output ... so I think I can
> export my LD_RUN_PATH variable to inject MY OWN libXpm.so.4 magically :)
>
> What am I doing wrong here?
> Is it possible to inject suspicious shared objects so suid program is

AFAIK the system doesn't honor your LD_LIBRARY_PATH with dynamically
linked suid/sgid-binaries. Otherwise, a compromise would be way too 
easy. ;-)


Sebastian Jaenicke
whois pgpkey-18AC0BE4 () whois ripe net|perl -ne's-^certif: +--&&print'
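
Added example, not part of the original message and not any loader's own code: a C model of the rule the reply describes, where a process whose real and effective IDs differ (or for which the kernel sets AT_SECURE) gets no LD_LIBRARY_PATH. It goes one step further and scrubs LD_* entries from an environment array before a privileged program executes a helper; the function names and sample paths are assumptions for illustration, and getauxval assumes Linux with glibc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE (Linux, glibc) */
#include <sys/types.h>
#include <unistd.h>

/* Secure execution: IDs differ (setuid/setgid binary) or the kernel set AT_SECURE. */
int is_secure_exec(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                   unsigned long at_secure)
{
    return at_secure != 0 || ruid != euid || rgid != egid;
}

/* The LD_LIBRARY_PATH value that is honored: none in secure-execution mode. */
const char *effective_library_path(int secure, const char *ld_library_path)
{
    return secure ? NULL : ld_library_path;
}

/* Remove every LD_* entry from a NULL-terminated envp, in place, before a
 * privileged program runs a helper. Returns the number of entries removed. */
int scrub_loader_env(char **envp)
{
    int removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        if (strncmp(*in, "LD_", 3) == 0)
            removed++;          /* skip loader-control variable */
        else
            *out++ = *in;       /* keep everything else */
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, not taken from the thread. */
    char *env[] = { "PATH=/usr/bin", "LD_LIBRARY_PATH=/tmp/constructed",
                    "LD_PRELOAD=/tmp/constructed.so", NULL };
    int secure = is_secure_exec(getuid(), geteuid(), getgid(), getegid(),
                                getauxval(AT_SECURE));
    const char *p = effective_library_path(secure, getenv("LD_LIBRARY_PATH"));
    printf("secure-execution mode: %d\n", secure);
    printf("LD_LIBRARY_PATH in effect: %s\n", p ? p : "(ignored or unset)");
    printf("dropped %d LD_* entries\n", scrub_loader_env(env));
    return 0;
}
```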
