Can you really trust a path?

From: Marco d'Itri (mdat_private)
Date: Fri Jan 15 1999 - 13:12:31 PST

Next message: Joseph K Shraibman: "Re: NIS and NIS+ ephemeral ports"

Previous message: Joel Knight: "DPEC Online Courseware"
Next in thread: routeat_private: "Re: Can you really trust a path?"
Reply: routeat_private: "Re: Can you really trust a path?"
Reply: Marco d'Itri: "Re: Can you really trust a path?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

AFAIK no one suggested yet that trusted path implementations like the
ones in recent Phrack issues can be trivially broken with perl XS
modules. A step by step guide to convert your favourite exploits can be
found in perlxstut(1p).

Another way to execute your code in a trusted path environment is
exploiting the ability of some programs (e.g. BitchX) to link shared
objects at run time from a predefined set or even user-supplied ones.
libdl looks at $LD_LIBRARY_PATH too, so the user can supply his own
directory with a shared object containing arbitrary code.

--
ciao,
Marco

Next message: Joseph K Shraibman: "Re: NIS and NIS+ ephemeral ports"
Previous message: Joel Knight: "DPEC Online Courseware"
Next in thread: routeat_private: "Re: Can you really trust a path?"
Reply: routeat_private: "Re: Can you really trust a path?"
Reply: Marco d'Itri: "Re: Can you really trust a path?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:02 PDT