Re: ld.so and LD_PRELOAD

To: Ben Collins <bcollins@debian.org>
Cc: Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org
Subject: Re: ld.so and LD_PRELOAD
From: Brian May <bam@debian.org>
Date: Sat, 7 Jun 2003 10:50:10 +1000
Message-id: <[🔎] 20030607005010.GB27123@snoopy.apana.org.au>
Mail-followup-to: Brian May <bam@debian.org>, Ben Collins <bcollins@debian.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030606180207.GL18933@phunnypharm.org>
References: <[🔎] 200306070422.30167.russell@coker.com.au> <[🔎] 20030606180207.GL18933@phunnypharm.org>

On Fri, Jun 06, 2003 at 02:02:07PM -0400, Ben Collins wrote:
> I don't know too much about SE Linux, but what keeps someone who has
> root from dropping their own ld-linux.so.2 in there?
> 
> I assume that SE Linux has some higherlevel traps than just root and
> not-root. What keeps them from doing:
> 
> ./myld.so /bin/program-to-exploit
> 
> though? Is /lib/ld-linux.so.2 given some filesystem based attributes
> that gives it higher capabilities than some copied ld.so?

IIRC this is not a problem.

/lib/ld-linux.so.2 won't have the same file label as
/bin/program-to-exploit (which causes the domain to change).

So execing /lib/ld-linux.so.2 won't cause the domain to change.

I am not sure how /lib/ld-linux.so.2 runs the program, but it doesn't
fork or exec, so the domain will remain the same.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- ld.so and LD_PRELOAD
  - From: Russell Coker <russell@coker.com.au>
- Re: ld.so and LD_PRELOAD
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: ftp.au.debian.org
Next by Date: Re: New atlas packages
Previous by thread: Re: ld.so and LD_PRELOAD
Next by thread: Re: ld.so and LD_PRELOAD
Index(es):
- Date
- Thread