
ld.so not ignoring LD_PRELOAD on setuid binaries?



ld.so doesn't ignore LD_PRELOAD (but apparently fails to load any
libraries in LD_PRELOAD) if loading a setuid binary.

Apparently, when ld.so loads a setuid bin, and if $LD_PRELOAD 
has a `/', then ld.so silently ignores $LD_PRELOAD.
This is good, as any fool can install a .so lib that would
make /bin/su skip the passwd checking pass, and just hand root.

However, if $LD_PRELOAD doesn't have a `/' in it, ld.so
_does_ attempt to load the library -- and it fails:

$ LD_PRELOAD=libc.so.6 /bin/su
/bin/su: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

It _is_ of course good that ld.so fails to load the library:
for writers of setuid binaries it's hard enough to check their binary
cannot be exploited when linked against the specified libraries; if
you'd also have to check for a game-library that wraps `stat()' to
a function that reports the statistics, that would complicate matters...

Now, I'm wondering if anyone knows why ld.so silently ignores
$LD_PRELOAD if it does contain a `/', while it fails to load the
program when $LD_PRELOAD doesn't contain a `/'.

Thanks,
joostje
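
The following is an added example, not part of the original message and not glibc code. It models the secure-execution rule as the current ld.so(8) manual page documents it: preload entries containing a slash are ignored, and a bare name is preloaded only from the standard search directories and only if the file has the set-user-ID bit. The directory list, function names and sample value are assumptions made for the illustration, and the ld.so version in the message above may have behaved differently.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed trusted directories; the real list is built into ld.so. */
static const char *trusted_dirs[] = { "/lib", "/usr/lib", NULL };

/* Slash rule: copy the bare names from an LD_PRELOAD-style list
 * (colon or space separated) into out[]; entries containing '/'
 * are dropped silently. Returns the number of names kept. */
int filter_preload(const char *value, char out[][256], int max)
{
    char buf[1024];
    int kept = 0;
    snprintf(buf, sizeof buf, "%s", value);
    for (char *tok = strtok(buf, ": "); tok; tok = strtok(NULL, ": ")) {
        if (strchr(tok, '/') != NULL)
            continue;                      /* path given: ignored */
        if (kept < max)
            snprintf(out[kept++], 256, "%.255s", tok);
    }
    return kept;
}

/* Returns 1 if name is a regular file in a trusted directory
 * with the set-user-ID bit, 0 otherwise. */
int preloadable_in_secure_mode(const char *name)
{
    char path[512];
    struct stat st;
    for (int i = 0; trusted_dirs[i]; i++) {
        snprintf(path, sizeof path, "%s/%.255s", trusted_dirs[i], name);
        if (stat(path, &st) == 0 && S_ISREG(st.st_mode)
            && (st.st_mode & S_ISUID))
            return 1;
    }
    return 0;
}

int main(void)
{
    char names[8][256];
    /* Constructed sample value: one path entry, one bare name. */
    int n = filter_preload("/tmp/wrapper.so:libc.so.6", names, 8);
    for (int i = 0; i < n; i++)
        printf("%s: %s\n", names[i], preloadable_in_secure_mode(names[i])
               ? "eligible for preload" : "not eligible");
    return 0;
}
```

Running the second function over every file in the trusted directories is a quick audit of which libraries a setuid program could be made to preload.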


