Re: ld.so and LD_PRELOAD
On Sat, 7 Jun 2003 04:02, Ben Collins wrote:
> > Now I don't want to maintain a SE Linux version of libc6 for a special
> > /lib/ld-linux.so.2 if I can avoid it. Also I think it would be ideal if
> > the functionality in this regard could support multiple security systems.
> > Would it be practical for /lib/ld-linux.so.2 to load a shared object to
> > determine whether LD_PRELOAD is allowed?
> I don't know too much about SE Linux, but what keeps someone who has
> root from dropping their own ld-linux.so.2 in there?
The same thing that stops them from replacing /etc/shadow and other important
files. Merely having root does not grant you much access on a SE Linux
system, see http://www.coker.com.au/selinux/play.html .
> I assume that SE Linux has some higherlevel traps than just root and
> not-root. What keeps them from doing:
> ./myld.so /bin/program-to-exploit
It's the same as doing "./myld.so /bin/passwd". Sure you can run that
command, it will run the program, but the program will get the same access as
determined by ./myld.so not that which would be granted by running
/bin/passwd (so therefore you can't modify /etc/shadow or do any other fun
> though? Is /lib/ld-linux.so.2 given some filesystem based attributes
> that gives it higher capabilities than some copied ld.so?
It's exactly the same as the default Linux situation regarding SUID files.
Run "./ld.so /bin/passwd" as non-root and the passwd program will attempt to
do it's thing, but it won't have any access to /etc/shadow and won't be able
to do anything. The same thing applies in SE Linux if you use the "./ld.so"
method to run a program that triggers a domain transition (the SE equivalent
of being SUID), as far as the kernel is concerned you are running the program
./ld.so and the program /bin/passwd (or whatever you are running) is just a
shared object that the program reads.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page