ld.so and LD_PRELOAD

To: debian-devel@lists.debian.org
Subject: ld.so and LD_PRELOAD
From: Russell Coker <russell@coker.com.au>
Date: Sat, 7 Jun 2003 04:22:30 +1000
Message-id: <[🔎] 200306070422.30167.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>

http://marc.theaimsgroup.com/?l=selinux&m=105492305125090&w=2
The above URL contains a link to a discussion about LD_PRELOAD in SE Linux.

It seems that if you can get root access to a SE Linux machine then LD_PRELOAD 
can be used (it's allowed if your real and effective UIDs match) to exploit 
system programs.

The solution to this is to have ld-linux.so do a check for whether the secsid 
and osecsid of the process are equal in addition to the check for effective 
and real UIDs.

Now I don't want to maintain a SE Linux version of libc6 for a special 
/lib/ld-linux.so.2 if I can avoid it.  Also I think it would be ideal if the 
functionality in this regard could support multiple security systems.  Would 
it be practical for /lib/ld-linux.so.2 to load a shared object to determine 
whether LD_PRELOAD is allowed?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: ld.so and LD_PRELOAD
  - From: Ben Collins <bcollins@debian.org>
- Re: ld.so and LD_PRELOAD
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>

Prev by Date: Re: OpenOffice in other menu?
Next by Date: Re: ftp.au.debian.org
Previous by thread: Re: OpenOffice in other menu?
Next by thread: Re: ld.so and LD_PRELOAD
Index(es):
- Date
- Thread