oss-sec mailing list archives

Re: ldd can execute an app unexpectedly

From: Tomas Hoger <thoger () redhat com>
Date: Tue, 8 Mar 2011 10:14:39 +0100

On Mon, 7 Mar 2011 18:27:05 -0500 Steve Grubb wrote:

 http://reverse.lostrealm.com/protect/ldd.html
 http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

Besides telling everyone don't do that. ldd could take the PoV that
it should only call runtime linkers in trusted directories like /sbin
or /usr/sbin.


Upstream does not seem to consider this to be an issue:
  https://bugzilla.redhat.com/show_bug.cgi?id=531160#c1

Debian also uses the patch similar to what ldv pointed out - it changes
ldd to always do:

  LD_TRACE_LOADED_OBJECTS=1 /lib/ld-linux.so.2 /path/to/ELF-lib-or-binary

rather than:

  LD_TRACE_LOADED_OBJECTS=1 /path/to/ELF-lib-or-binary

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

ldd can execute an app unexpectedly Steve Grubb (Mar 07)
- Re: ldd can execute an app unexpectedly Dmitry V. Levin (Mar 07)
  - Re: ldd can execute an app unexpectedly Steve Grubb (Mar 07)
  - Re: ldd can execute an app unexpectedly Tim Brown (Mar 07)
- Re: ldd can execute an app unexpectedly Tomas Hoger (Mar 08)
  - Re: ldd can execute an app unexpectedly Steve Grubb (Mar 08)