Re: ld.so and LD_PRELOAD
On Sat, Jun 07, 2003 at 04:22:30AM +1000, Russell Coker wrote:
> http://marc.theaimsgroup.com/?l=selinux&m=105492305125090&w=2
> The above URL contains a link to a discussion about LD_PRELOAD in SE Linux.
>
> It seems that if you can get root access to a SE Linux machine then LD_PRELOAD
> can be used (it's allowed if your real and effective UIDs match) to exploit
> system programs.
>
> The solution to this is to have ld-linux.so do a check for whether the secsid
> and osecsid of the process are equal in addition to the check for effective
> and real UIDs.
>
> Now I don't want to maintain a SE Linux version of libc6 for a special
> /lib/ld-linux.so.2 if I can avoid it. Also I think it would be ideal if the
> functionality in this regard could support multiple security systems. Would
> it be practical for /lib/ld-linux.so.2 to load a shared object to determine
> whether LD_PRELOAD is allowed?

I don't know too much about SE Linux, but what keeps someone who has
root from dropping their own ld-linux.so.2 in there?

I assume that SE Linux has some higher-level traps than just root and
not-root. What keeps them from doing:

./myld.so /bin/program-to-exploit

though? Is /lib/ld-linux.so.2 given some filesystem-based attributes
that give it higher capabilities than some copied ld.so?

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/
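
The gap Russell describes, as an added example (not code from either poster or from glibc): an ID-only comparison versus a check that also consults the kernel's AT_SECURE auxiliary-vector flag, which Linux sets when an exec changes privileges and which SELinux can set on a domain transition. AT_SECURE is not mentioned in this thread; the struct, the function names and the sample vectors are constructed for illustration.

```c
#include <elf.h>      /* AT_UID, AT_EUID, AT_GID, AT_EGID, AT_SECURE, AT_NULL */
#include <stdio.h>
#include <sys/auxv.h> /* getauxval() */

/* One auxiliary-vector entry as the kernel hands it to the loader. */
struct aux { unsigned long type, val; };

/* Return the value stored for `type`, or `dflt` if the entry is absent. */
static unsigned long aux_get(const struct aux *v, unsigned long type,
                             unsigned long dflt)
{
    for (; v->type != AT_NULL; v++)
        if (v->type == type)
            return v->val;
    return dflt;
}

/* The check from the mail: honour LD_PRELOAD when real and effective IDs
 * match (GIDs are compared as well, as glibc does). */
int preload_ok_ids_only(const struct aux *v)
{
    return aux_get(v, AT_UID, 0) == aux_get(v, AT_EUID, 0) &&
           aux_get(v, AT_GID, 0) == aux_get(v, AT_EGID, 0);
}

/* Stricter check: also refuse when the kernel flagged the exec as
 * security-sensitive. A missing AT_SECURE counts as set (fail closed). */
int preload_ok_with_at_secure(const struct aux *v)
{
    return preload_ok_ids_only(v) && aux_get(v, AT_SECURE, 1) == 0;
}

/* Constructed samples. "transition": root execs a program whose security
 * context changes while the UIDs stay equal, the case raised in the mail. */
const struct aux sample_transition[] = {
    {AT_UID, 0}, {AT_EUID, 0}, {AT_GID, 0}, {AT_EGID, 0},
    {AT_SECURE, 1}, {AT_NULL, 0}};
const struct aux sample_plain[] = {
    {AT_UID, 1000}, {AT_EUID, 1000}, {AT_GID, 1000}, {AT_EGID, 1000},
    {AT_SECURE, 0}, {AT_NULL, 0}};

int main(void)
{
    printf("transition: ids-only=%d with-AT_SECURE=%d\n",
           preload_ok_ids_only(sample_transition),
           preload_ok_with_at_secure(sample_transition));
    printf("this process: AT_SECURE=%lu\n", getauxval(AT_SECURE));
    return 0;
}
```
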