Bugtraq mailing list archives
Can you really trust a path?
From: md () LINUX IT (Marco d'Itri)
Date: Fri, 15 Jan 1999 22:12:31 +0100
AFAIK no one suggested yet that trusted path implementations like the ones in recent Phrack issues can be trivially broken with perl XS modules. A step by step guide to convert your favourite exploits can be found in perlxstut(1p). Another way to execute your code in a trusted path environment is exploiting the ability of some programs (e.g. BitchX) to link shared objects at run time from a predefined set or even user-supplied ones. libdl looks at $LD_LIBRARY_PATH too, so the user can supply his own directory with a shared object containing arbitrary code. -- ciao, Marco
Current thread:
- Can you really trust a path? Marco d'Itri (Jan 15)
- Re: Can you really trust a path? route () RESENTMENT INFONEXUS COM (Jan 16)
- <Possible follow-ups>
- Re: Can you really trust a path? Marco d'Itri (Jan 20)