Bug#272210: libc6: LD_DEBUG should be ignored for suid/sgid binaries
At Sun, 26 Sep 2004 15:34:07 +0200,
Ulf Härnhammar wrote:
> As you can see, you can make a program pause for several minutes with this
> technique. I'm not quite sure where the buffering comes from, if it's Perl or
> what. I suppose I should try this in some other language.
kill -SIGSTOP can also block the setuid program. So if your logic is
applied, an attacker can block the setuid program with a lot of kill
-STOP trials.
> To sum up: LD_DEBUG prints lots of output, and that allows an attacker to
> perform timing critical security attacks (doing nasty things between operations
> like adding symlinks) by pausing a program at an arbitrary point. As suid/sgid
> programs are the most security critical, libc6 should ignore LD_DEBUG when
> running those.
BTW, if pausing symlinks causes a security problem, that program is
broken without LD_DEBUG.
Regards,
-- gotom