PaulDotCom mailing list archives
Re: Privilege scalation with GNU ld dlopen
From: Mike Patterson <mike () snowcrash ca>
Date: Tue, 09 Nov 2010 18:58:01 -0500
On 10-11-09 11:19 AM, Xavier Garcia wrote:
> One should be safe because users need admin rights to write there, but playing with setuid binaries is always dangerous.
Well, sure. But I think Nicholas' point was that your escalation ... isn't really such, given that on any unixy system, you need to go to great lengths to allow normal users to write to /lib. If I can write to /lib in order to implement your answer to "how do I escalate privileges with Tavis' exploit," I think that system already has a serious issue, one that goes beyond "it's got a vulnerable version of glibc installed."
> This could be enforced by implementing a 'secure level' in the kernel, but then the maintenance of the system could be a nightmare. Imagine having to reboot a critical server just because the 'secure level' must be disabled in order to install patches :)
I don't just imagine it, I've done it. If that's what it takes, then that's what it takes. Your definition of critical may vary from mine though, and mine was the FreeBSD implementation, so I could install _some_ patches without rebooting.
Your point that playing with setuid binaries is dangerous is well taken, but I'm not sure that I see how it applies given your proposed solution. Putting yourself into a situation where normal users can write to /lib is significantly more dangerous.
Mike
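An added example, not part of the thread: the exchange above turns on whether an unprivileged user can write to /lib, so this Python check reports any library directory, ancestor directory, or entry inside it that an untrusted user could modify. The directories other than /lib, the function names, and the rule that only uid 0 is trusted are assumptions of this example.

```python
import os
import stat

# Assumed defaults for this example; the thread itself only names /lib.
LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")


def _problems(path, st, trusted_uids, allow_sticky):
    """Return (path, reason) pairs if an untrusted user could modify path."""
    out = []
    if st.st_uid not in trusted_uids:
        out.append((path, "owned by untrusted uid %d" % st.st_uid))
    loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    # A sticky ancestor (like /tmp) does not let others rename our entry.
    if loose and not (allow_sticky and st.st_mode & stat.S_ISVTX):
        out.append((path, "group- or world-writable (%o)" % stat.S_IMODE(st.st_mode)))
    return out


def audit_lib_dir(lib_dir, trusted_uids=(0,)):
    """Check lib_dir, every ancestor, and each entry inside it (not recursive)."""
    findings = []
    real = os.path.realpath(lib_dir)
    current, is_leaf = real, True
    while True:
        findings += _problems(current, os.stat(current), trusted_uids, not is_leaf)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current, is_leaf = parent, False
    for name in sorted(os.listdir(real)):
        entry = os.path.join(real, name)
        try:
            st = os.stat(entry)  # follows symlinks to the real library file
        except OSError:
            continue  # dangling symlink
        findings += _problems(entry, st, trusted_uids, False)
    return findings


if __name__ == "__main__":
    for d in LIB_DIRS:
        if os.path.isdir(d):
            for path, reason in audit_lib_dir(d):
                print("%s: %s" % (path, reason))
```

An empty result for every directory means the precondition discussed in the thread (a normal user able to write to the library path) does not hold on that host.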