Re: ld.so and LD_PRELOAD
On Sat, Jun 07, 2003 at 04:22:30AM +1000, Russell Coker wrote:
> The above URL contains a link to a discussion about LD_PRELOAD in SE Linux.
> It seems that if you can get root access to a SE Linux machine then LD_PRELOAD
> can be used (it's allowed if your real and effective UIDs match) to exploit
> system programs.
> The solution to this is to have ld-linux.so do a check for whether the secsid
> and osecsid of the process are equal in addition to the check for effective
> and real UIDs.
> Now I don't want to maintain a SE Linux version of libc6 for a special
> /lib/ld-linux.so.2 if I can avoid it. Also I think it would be ideal if the
> functionality in this regard could support multiple security systems. Would
> it be practical for /lib/ld-linux.so.2 to load a shared object to determine
> whether LD_PRELOAD is allowed?
I don't know too much about SE Linux, but what keeps someone who has
root from dropping their own ld-linux.so.2 in there?
I assume that SE Linux has some higherlevel traps than just root and
not-root. What keeps them from doing:
though? Is /lib/ld-linux.so.2 given some filesystem based attributes
that gives it higher capabilities than some copied ld.so?
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/