This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]

To: "Rodrigo Barbosa (aka morcego)" <rodrigob at conectiva dot com dot br>
Subject: Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
From: Ulrich Drepper <drepper at redhat dot com>
Date: 05 Sep 2000 10:39:15 -0700
Cc: Ben Collins <bcollins at debian dot org>, Daniel Jacobowitz <dmj+ at andrew dot cmu dot edu>, libc-alpha at sources dot redhat dot com
References: <20000904152657.F8559@conectiva.com.br><20000904202715.T3822@visi.net> <20000905100122.A14736@drow.them.org><20000905100946.C3822@visi.net> <m3wvgq23mr.fsf@otr.mynet.cygnus.com><20000905140907.M8559@conectiva.com.br>
Reply-To: drepper at cygnus dot com (Ulrich Drepper)

"Rodrigo Barbosa (aka morcego)" <rodrigob@conectiva.com.br> writes:

> Okey, I know many (most) of the cases, this ld.so executing
> "feature" is a noissue. But when a user can only write to /tmp, and
> /tmp is noexec'd, then this does become an issue, as I'm sure you
> agree, even if the program in question does nothing more then send a
> userlist (taken from /etc/passwd) to the attacker mailbox.

I don't agree at all with your points.  Changing ld.so does not help
at all since somebody could just take out the code and recompile.  Not
even that is necessary: a simple ELF loader is trivial, you can have
an innocent looking program lying around.

There will be no check for the +x bits since this is pointless and
only obscuring the problem.  Besides, it does not open any security
holes.

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

Follow-Ups:
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Rodrigo Barbosa (aka morcego)

References:
- [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Rodrigo Barbosa (aka morcego)
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Ben Collins
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Daniel Jacobowitz
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Ben Collins
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Ulrich Drepper
- Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
  - From: Rodrigo Barbosa (aka morcego)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]