Bugtraq mailing list archives
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: johnsonm () REDHAT COM (Michael K. Johnson)
Date: Wed, 25 Aug 1999 12:44:41 -0400
Michal Zalewski writes:
First of all - doing /lib/ld-linux.so.2 /program/on/noexec/partition is the simpliest way to bypass noexec option, if only you have glibc 2.0.x.
Let's make sure we understand this correctly: #!/bin/sh /lib/ld-linux.so.2 "$@" is roughly equivalent to: #!/bin/sh file=$1 shift cp $file /tmp /tmp/$file "$@" rm /tmp/$file (pardon any typos, I didn't try running it...) And, of course, no one is capable of using mmap and PROT_EXEC to do their own ld-linux.so-like wrapper, especially since no one has the glibc source code to start from. ;-)
Nothing to say, security by obscurity stinks.
The noexec mount option is not a security feature. It's a convenience feature. It is unfortunate that people think that it is a security feature, and I will say that you have found one of the more interesting and subtle ways to show that it is not a security feature, but this is NOT a glibc bug. I do not know of any reason that it would hurt for ld-linux.so.2 to not execute things that aren't executable (there might be, I just don't know one way or the other) but THAT would be a laughable attempt at security by obscurity, which, as you say, stinks. michaelkjohnson "Magazines all too frequently lead to books and should be regarded by the prudent as the heavy petting of literature." -- Fran Lebowitz Linux Application Development http://people.redhat.com/johnsonm/lad/
Current thread:
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Andreas Jaeger (Aug 24)
- <Possible follow-ups>
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Olaf Kirch (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Benjamin Smee (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- [patch] ProFTPd remote root exploit Nic Bellamy (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Josip Rodin (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Chris Butler (Aug 28)