
Re: glibc LD_PRELOAD



Ethan Benson wrote:

> is potato vulnerable to the LD_PRELOAD file overwriting vulnerability
> discussed at http://www.securityfocus.com/vdb/bottom.html?vid=2223
> 
> there was an unexplained libc6 update on Jan 10 for i386 (but not
> powerpc, not sure about other archs) to security.debian.org, all the
> changelog mentions is `Add backported security patch from glibc 2.2' 
> 
> current version of libc6 on powerpc is: 2.1.3-13
> current version of libc6 on i386 is: 2.1.3-15

I believe there have been attempts to fix this, at least in 2.1.3-16 and
later.  From the 2.1.3-16 changelog:

  * Ok, include Solar Designers nifty patch for more security issues.
    Thanks to Solar again for making me do a double release :)

 -- Ben Collins <bcollins@debian.org>  Sun, 14 Jan 2001 00:30:17 -0500

However 2.1.3-17 exhibits odd behavior which I mentioned to Ben in a
private email, though he hasn't got back to me on if it's now deemed
"normal" or whatever.  Basically ldd doesn't work as expected anymore, as
illustrated by:

[60]polyphony<~/>ls -l /usr/bin/wall
-rwxr-sr-x    1 root     tty          9276 Jul 27  2000 /usr/bin/wall
[61]polyphony<~/>ldd /usr/bin/wall
y0
wall: /dev/:0: No such file or directory

Broadcast Message from jamie@polyphony
        (/dev/pts/4) at 13:20 ...

y0

[62]polyphony<~/>sudo su -
polyphony:~# ldd /usr/bin/wall
hrmmm
wall: /dev/:0: No such file or directory

Broadcast Message from jamie@polyphony
        (/dev/pts/4) at 13:21 ...

hrmmm

polyphony:~#

I have no idea if this has further-reaching consequences, but ldd didn't
use to actually execute the programs you ran it on.  This seems to only
affect sgid applications.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
                                                        -Frank Zappa
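
Added example, not part of the original message: a way to list a binary's shared-library dependencies by reading the DT_NEEDED entries from the ELF file itself, so a set-id program such as /usr/bin/wall is never run. The function name `needed_libs` is hypothetical, and only direct dependencies are listed (ldd also resolves transitive ones).

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libs(data):
    """Return the DT_NEEDED names of an ELF image, read statically."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    segs = []                                # (type, offset, vaddr, filesz)
    for i in range(phnum):
        at = phoff + i * phentsize
        if is64:
            t, _, off, va, _, fsz = struct.unpack_from(e + "IIQQQQ", data, at)
        else:
            t, off, va, _, fsz = struct.unpack_from(e + "IIIII", data, at)
        segs.append((t, off, va, fsz))
    dyn = [(off, fsz) for t, off, _, fsz in segs if t == PT_DYNAMIC]
    if not dyn:
        return []                            # statically linked: nothing to load
    fmt = e + ("qQ" if is64 else "iI")       # one dynamic entry: tag, value
    entries = []
    for at in range(dyn[0][0], dyn[0][0] + dyn[0][1], struct.calcsize(fmt)):
        tag, val = struct.unpack_from(fmt, data, at)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    strtab_va = next(v for t, v in entries if t == DT_STRTAB)
    # DT_STRTAB is a virtual address; map it to a file offset via PT_LOAD.
    strtab = next(off + strtab_va - va for t, off, va, fsz in segs
                  if t == PT_LOAD and va <= strtab_va < va + fsz)
    def name(i):
        return data[strtab + i:data.index(b"\0", strtab + i)].decode()
    return [name(v) for t, v in entries if t == DT_NEEDED]

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print("\n".join(needed_libs(f.read())))
```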


