[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: port 6051: hacked?

On Sat, Sep 14, 2002 at 01:34:13PM +0200, Michelle Konzack wrote:
> >try putting any binary, as a test, in /tmp, e.g. copy /bin/ls to
> >/tmp/testexe. Then issue the command
> >
> >/lib/ld-linux.so.2 /tmp/testexe
> Oops.... Why is it ???

 Because that's how ld.so works.  It's an ELF interpreter, just like perl is
a perl interpreter; perl /tmp/foo.pl works on a noexec filesystem (I'm

> It may be a very big security problem...

 The only security problem here is the reliance on mounting with noexec in
the belief that this will prevent anything.  nosuid is useful, but noexec
isn't.  (Maybe in a restricted shell environment, where ld.so couldn't be
run by name, only as an interpreter started by the kernel.)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to: