Date: Tue, 8 Mar 2011 00:46:05 +0000
From: Tim Brown <tmb@...35.com>
To: oss-security@...ts.openwall.com
Subject: Re: ldd can execute an app unexpectedly

On Tuesday 08 March 2011 00:00:11 Dmitry V. Levin wrote:

> In June of 2002, I suggested to change ldd to avoid invoking programs
> directly, even when it seems like that would work, and invoke the dynamic
> linker as a program instead.
> This change was implemented at least in Owl and ALT Linux:
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/glibc-2.3.6-owl-alt-ldd.diff
> http://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=788577027d2950e9508a434475e04c3af864d169

A slight tangent to this but IIRC there was some suggestion that allowing
files to be mapped to memory with execute permissions when called in this
manner was something that should be considered a bug/feature to be fixed in
order to bring ld.so into line with how execution happens more generally. I
think Tavis or stealth mentioned it to me regarding the suggestion in my paper
that an attacker could execute binaries in this manner to bypass situations
when the binary didn't, for whatever reason, have +x.

I guess it should be possible to fix both cases but it's something that needs
to be considered.

Tim
--
Tim Brown
<mailto:tmb@...35.com>