
Re: ld.so and LD_PRELOAD

On Sat, Jun 07, 2003 at 04:22:30AM +1000, Russell Coker wrote:
> http://marc.theaimsgroup.com/?l=selinux&m=105492305125090&w=2
> The above URL contains a link to a discussion about LD_PRELOAD in SE Linux.
> It seems that if you can get root access to a SE Linux machine then LD_PRELOAD 
> can be used (it's allowed if your real and effective UIDs match) to exploit 
> system programs.
> The solution to this is to have ld-linux.so do a check for whether the secsid 
> and osecsid of the process are equal in addition to the check for effective 
> and real UIDs.
> Now I don't want to maintain a SE Linux version of libc6 for a special 
> /lib/ld-linux.so.2 if I can avoid it.  Also I think it would be ideal if the 
> functionality in this regard could support multiple security systems.  Would 
> it be practical for /lib/ld-linux.so.2 to load a shared object to determine 
> whether LD_PRELOAD is allowed?

I don't know too much about SE Linux, but what keeps someone who has
root from dropping their own ld-linux.so.2 in there?

I assume that SE Linux has some higher-level traps than just root and
not-root. What keeps them from doing:

./myld.so /bin/program-to-exploit

though? Is /lib/ld-linux.so.2 given some filesystem-based attributes
that give it higher capabilities than some copied ld.so?

Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/
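The check proposed in the quoted message, modelled as an added example that is not part of either post and is not glibc's code: the loader honours LD_PRELOAD only when no registered check reports a privilege boundary. All function and type names are hypothetical, and the SID values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Process state the checks inspect. secsid/osecsid are the current and
 * previous security identifiers named in the thread. */
struct proc_state {
    uid_t ruid, euid;
    unsigned int secsid, osecsid;
};

/* A check returns true when the process crossed a privilege boundary. */
typedef bool (*boundary_check)(const struct proc_state *);

/* The existing test: real and effective UIDs differ (e.g. setuid exec). */
static bool uid_changed(const struct proc_state *p) {
    return p->ruid != p->euid;
}

/* The proposed extra test: the security identifier changed at exec. */
static bool sid_changed(const struct proc_state *p) {
    return p->secsid != p->osecsid;
}

/* LD_PRELOAD is honoured only if no registered check reports a boundary.
 * New security systems plug in by adding a check to the table. */
bool preload_allowed(const struct proc_state *p,
                     const boundary_check *checks, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (checks[i](p))
            return false;
    return true;
}

bool allowed_uid_only(const struct proc_state *p) {
    static const boundary_check checks[] = { uid_changed };
    return preload_allowed(p, checks, 1);
}

bool allowed_uid_and_sid(const struct proc_state *p) {
    static const boundary_check checks[] = { uid_changed, sid_changed };
    return preload_allowed(p, checks, 2);
}

/* Constructed case from the thread: root runs a program that transitions
 * to another domain, so the UIDs match but the SID has changed. */
const struct proc_state root_domain_transition = {
    .ruid = 0, .euid = 0, .secsid = 42, .osecsid = 7
};
```

With only the UID test the constructed root case is still allowed to preload; adding the SID test refuses it.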
