oss-sec mailing list archives
Re: ldd can execute an app unexpectedly
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 8 Mar 2011 10:14:39 +0100
On Mon, 7 Mar 2011 18:27:05 -0500 Steve Grubb wrote:
http://reverse.lostrealm.com/protect/ldd.html http://www.catonmat.net/blog/ldd-arbitrary-code-execution/ Besides telling everyone don't do that. ldd could take the PoV that it should only call runtime linkers in trusted directories like /sbin or /usr/sbin.
Upstream does not seem to consider this to be an issue: https://bugzilla.redhat.com/show_bug.cgi?id=531160#c1 Debian also uses the patch similar to what ldv pointed out - it changes ldd to always do: LD_TRACE_LOADED_OBJECTS=1 /lib/ld-linux.so.2 /path/to/ELF-lib-or-binary rather than: LD_TRACE_LOADED_OBJECTS=1 /path/to/ELF-lib-or-binary -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- ldd can execute an app unexpectedly Steve Grubb (Mar 07)
- Re: ldd can execute an app unexpectedly Dmitry V. Levin (Mar 07)
- Re: ldd can execute an app unexpectedly Steve Grubb (Mar 07)
- Re: ldd can execute an app unexpectedly Tim Brown (Mar 07)
- Re: ldd can execute an app unexpectedly Tomas Hoger (Mar 08)
- Re: ldd can execute an app unexpectedly Steve Grubb (Mar 08)
- Re: ldd can execute an app unexpectedly Dmitry V. Levin (Mar 07)