
Re: Bug#98467: ld.so not ignoring LD_PRELOAD on seduid binaries?



> > Well, with the old ld.so from David Engel (libc5), it was possible
> > to add the directories to /etc/ld.so.conf, and not use LD_LIBRARY_PATH.
> > If that works for the new one too, then builds that clobber
> > LD_LIBRARY_PATH would still be possible to support.
> 
> Of course it still works. The problem is that libraries in these
> directories are considered "secure", and libfakeroot being considered
> "secure" is a bad thing. This is the whole reason it is in a
> subdirectory to begin with.

...better try before you say `of course'...

I just (again) tried, and even if I switch on the +s bits, and put
libfakeroot.so* in /usr/X11R6/lib/neXtaw (mentioned in my /etc/ld.so.conf,
and in ldconfig -v), then still ld-2.2.3.so refuses to load `su'
(if LD_PRELOAD is set to libfakeroot.so.0, and LD_LIBRARY_PATH is unset).

I actually have to move the setuid libfakeroot.so* to /lib, before
ld.so accepts loading `su'.


This, BTW, leaves out the argument of `secure' libraries in /etc/ld.so.conf.
Those libraries are _not_ considered secure by me -- they don't contain
malicious code, but the code in most of those libraries wasn't written with
setuid binaries in mind, and it shouldn't be assumed that any library in
a path mentioned in /etc/ld.so.conf can be loaded by a setuid binary,
if the local user so wishes.

-- 
joostje
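
An added example, not part of the original message: a defender-side model of the rule the message observes, for checking which LD_PRELOAD entries a setuid program's loader would accept. It follows the ld.so(8) description of secure-execution mode (entries with a slash are ignored; a library is preloaded only from the standard directories and only if it has the set-user-ID bit). The function names and the default `TRUSTED_DIRS` are assumptions made for illustration.

```python
import os
import re
import stat

# Assumption: the loader's built-in standard directories. The message above
# reports that a directory listed only in /etc/ld.so.conf was not accepted.
TRUSTED_DIRS = ("/lib", "/usr/lib")


def split_preload(value):
    """LD_PRELOAD entries are separated by spaces or colons."""
    return [entry for entry in re.split(r"[ :]+", value) if entry]


def secure_mode_preloads(ld_preload, trusted_dirs=TRUSTED_DIRS):
    """Model the secure-execution preload rule (hypothetical helper).

    Returns (accepted, rejected): accepted is a list of paths that satisfy
    the rule, rejected is a list of (entry, reason) tuples.
    """
    accepted, rejected = [], []
    for entry in split_preload(ld_preload):
        if "/" in entry:
            rejected.append((entry, "contains a slash"))
            continue
        for directory in trusted_dirs:
            path = os.path.join(directory, entry)
            try:
                st = os.stat(path)  # follows symlinks such as libfoo.so.0
            except OSError:
                continue  # not present here, try the next directory
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                accepted.append(path)
                break
        else:
            rejected.append((entry, "no setuid-bit copy in trusted dirs"))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = secure_mode_preloads(os.environ.get("LD_PRELOAD", ""))
    for path in ok:
        print("would be preloaded into setuid programs:", path)
    for entry, reason in bad:
        print("ignored:", entry, "(" + reason + ")")
```

Any path reported as accepted is a library that a local user can inject into every setuid binary on the host, so it deserves the same review as the setuid binaries themselves.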


