Re: LD_PRELOAD used with setuid programs (was Re: Fakeroot security problem)
Nobody should be able to run LD_PRELOAD with suid binaries. The issue with
nfslock can be solved differently as Joost has said. And being able to set
LD_PRELOAD on one machine and then rsh to exec a command on another
(and the other machine obeys the LD_PRELOAD!) seems to be another reason
to disable LD_PRELOAD. That raises a lot of security issues. If
nobody else will do it then I will upload a version that fixes the hole.
On 9 Feb 1998, James Troup wrote:
> Juan Cespedes <cespedes@debian.org> writes:
>
> > Yes, both ld-linux.so.2 and ld-linux.so.1 should be fixed; nobody
> > should be able to run a setuid program in a LD_PRELOAD environment.
> > At least, I can't find any reason to allow it, and many people could
> > use it to try to find exploits.
>
> But there _are_ reasons to allow it (see below, and also add
> libnfslock to the list). If there weren't any someone would have
> presented these patches much earlier.
>
> ------- Start of forwarded message -------
> Message-ID: <Pine.SUN.3.94.980208153330.7034A-100000@dfw.dfw.net>
> Date: Sun, 8 Feb 1998 15:39:10 -0600
> Reply-To: Aleph One <aleph1@DFW.DFW.NET>
> From: Aleph One <aleph1@DFW.DFW.NET>
> Subject: Re: Another ld-linux.so problem
> To: BUGTRAQ@NETSPACE.ORG
>
> On Sat, 7 Feb 1998 carson@TLA.ORG wrote:
>
> > Yes. SOCKSifying stupid protocols that require binding ports <1024, for
> > example. Assuming you install libsocks5_sh.so in /usr/lib, you can do:
> >
> > $ (export LD_PRELOAD=/usr/lib/libsocks5_sh.so; rsh machine.outside.firewall
> > pwd)
> >
> > and have it work. This is basically what the runsocks script does.
>
> Another example: installing a library that overrides mktemp, tempnam and
> other dangerous library functions with more secure ones. So the feature
> is indeed useful. The correct behavior should be for the dynamic linker
> to give up at the first error. Alternatively you should be able to
> configure such libraries via the configuration file instead of an
> environment variable. You can't do so now as far as I can tell.
>
> > --
> > Carson Gaspar -- carson@cs.columbia.edu carson@tla.org carson@cugc.org
> > http://www.cs.columbia.edu/~carson/home.html
> > Queen Trapped in a Butch Body
> >
>
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>
> ------- End of forwarded message -------
>
> --
> James
>
>
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-private-request@lists.debian.org .
> Trouble? e-mail to templin@bucknell.edu .