
Re: LD_PRELOAD used with setuid programs (was Re: Fakeroot security problem)



Juan Cespedes <cespedes@debian.org> writes:

> Yes, both ld-linux.so.2 and ld-linux.so.1 should be fixed; nobody
> should be able to run a setuid program in a LD_PRELOAD environment.
> At least, I can't find any reason to allow it, and many people could
> use it to try to find exploits.

But there _are_ reasons to allow it (see below, and also add
libnfslock to the list).  If there weren't any someone would have
presented these patches much earlier.

------- Start of forwarded message -------
Message-ID:  <Pine.SUN.3.94.980208153330.7034A-100000@dfw.dfw.net>
Date:         Sun, 8 Feb 1998 15:39:10 -0600
Reply-To: Aleph One <aleph1@DFW.DFW.NET>
From: Aleph One <aleph1@DFW.DFW.NET>
Subject:      Re: Another ld-linux.so problem
To: BUGTRAQ@NETSPACE.ORG

On Sat, 7 Feb 1998 carson@TLA.ORG wrote:

> Yes. SOCKSifying stupid protocols that require binding ports <1024, for
> example. Assuming you install libsocks5_sh.so in /usr/lib, you can do:
>
> $ (export LD_PRELOAD=/usr/lib/libsocks5_sh.so; rsh machine.outside.firewall pwd)
>
> and have it work. This is basically what the runsocks script does.

Another example: installing a library that overrides mktemp, tempnam and
other dangerous library functions with more secure ones. So the feature
is indeed useful. The correct behavior should be for the dynamic linker
to give up at the first error. Alternatively you should be able to
configure such libraries via the configuration file instead of an
environment variable. You can't do so now as far as I can tell.

> --
> Carson Gaspar -- carson@cs.columbia.edu carson@tla.org carson@cugc.org
> http://www.cs.columbia.edu/~carson/home.html
> Queen Trapped in a Butch Body
>

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

------- End of forwarded message -------

-- 
James

