Message-Id: <201103080046.20318.tmb@65535.com>
Date: Tue, 8 Mar 2011 00:46:05 +0000
From: Tim Brown <tmb@...35.com>
To: oss-security@...ts.openwall.com
Subject: Re: ldd can execute an app unexpectedly

On Tuesday 08 March 2011 00:00:11 Dmitry V. Levin wrote:
> In June of 2002, I suggested to change ldd to avoid invoking programs
> directly, even when it seems like that would work, and invoke the dynamic
> linker as a program instead.
> This change was implemented at least in Owl and ALT Linux:
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/glibc-2.3.6-owl-alt-ldd.diff
> http://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=788577027d2950e9508a434475e04c3af864d169

A slight tangent to this but IIRC there was some suggestion that allowing files
to be mapped to memory with execute permissions when called in this manner was
something that should be considered a bug/feature to be fixed in order to bring
ld.so into line with how execution happens more generally. I think Tavis or
stealth mentioned it to me regarding the suggestion in my paper that an
attacker could execute binaries in this manner to bypass situations when the
binary didn't, for whatever reason, have +x. I guess it should be possible to
fix both cases but it's something that needs to be considered.

Tim
--
Tim Brown
<mailto:tmb@...35.com>
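
Added example, not part of the original thread or of glibc, Owl or ALT Linux: when a file is executed directly, the kernel starts whatever loader its PT_INTERP header names, so a defender can read that field statically before pointing ldd at an untrusted file. The allowlist, the function names and the sample image are assumptions constructed for illustration.

```python
import struct

PT_INTERP = 3
# Assumption: loader paths this host trusts; adjust per distribution.
TRUSTED_LOADERS = {"/lib64/ld-linux-x86-64.so.2", "/lib/ld-linux.so.2"}

def elf_interp(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF" or len(data) < 6:
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])
    endian = {1: "<", 2: ">"}.get(data[5])
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    try:
        if is64:
            (phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
        else:
            (phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
        for i in range(phnum):
            off = phoff + i * phentsize
            if is64:  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
                p_type, _, p_off, _, _, p_sz = struct.unpack_from(endian + "IIQQQQ", data, off)
            else:     # Elf32_Phdr: type, offset, vaddr, paddr, filesz
                p_type, p_off, _, _, p_sz = struct.unpack_from(endian + "IIIII", data, off)
            if p_type == PT_INTERP:
                raw = data[p_off:p_off + p_sz]
                return raw.split(b"\0", 1)[0].decode("utf-8", "replace")
    except struct.error as exc:
        raise ValueError("truncated ELF headers") from exc
    return None

def interp_is_trusted(data: bytes) -> bool:
    """Hypothetical policy check: no interpreter, or one on the allowlist."""
    interp = elf_interp(data)
    return interp is None or interp in TRUSTED_LOADERS

def build_sample(interp: str) -> bytes:
    """Constructed minimal ELF64 image: header plus one PT_INTERP entry."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0x40, 0, 0, 0x40, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0x78, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```

The check only reports which loader a file requests; it reads bytes and never executes or maps the file.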