Re: execturing libc
Wouter Verhelst <wouter@debian.org> writes:
> On Thu, Feb 03, 2005 at 04:31:02PM +0100, Goswin von Brederlow wrote:
>> mrvn@frosties:~% /lib64/ld-linux-x86-64.so.2 /lib/libc-2.3.2.so
>> GNU C Library stable release version 2.3.2, by Roland McGrath et al.
>> Copyright (C) 2003 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions.
>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> PARTICULAR PURPOSE.
>> Compiled by GNU CC version 3.3.5 (Debian 1:3.3.5-6).
>> Compiled on a Linux 2.6.0-test7 system on 2005-01-12.
>> Available extensions:
>> GNU libio by Per Bothner
>> crypt add-on version 2.1 by Michael Glad and others
>> NPTL 0.60 by Ulrich Drepper
>> BIND-8.2.3-T5B
>> NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
>> Thread-local storage support included.
>> Report bugs using the `glibcbug' script to <bugs@gnu.org>.
>>
>>
>> And exactly that info is the reason why one may want to execute libc.
>
> There's also the fact that an executable libc is a nice way to
> circumvent a 'noexec' restriction on a mount point :-)
How does libc help?
mrvn@frosties:~% sudo chmod a+x /lib/libc-2.3.2.so
mrvn@frosties:~% /lib/libc-2.3.2.so /bin/sh
GNU C Library stable release version 2.3.2, by Roland McGrath et al.
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.3.5 (Debian 1:3.3.5-6).
Compiled on a Linux 2.6.0-test7 system on 2005-01-12.
Available extensions:
GNU libio by Per Bothner
crypt add-on version 2.1 by Michael Glad and others
NPTL 0.60 by Ulrich Drepper
BIND-8.2.3-T5B
NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Thread-local storage support included.
Report bugs using the `glibcbug' script to <bugs@gnu.org>.
Libc doesn't execute its arguments.
The way to circumvent a noexec is to call the dynamic linker like I
did for libc:
/lib64/ld-linux-x86-64.so.2 <any file>
MfG
Goswin
Reply to: