[Marco d'Itri wrote] | | AFAIK no one suggested yet that trusted path implementations like the | ones in recent Phrack issues can be trivially broken with perl XS | modules. A step by step guide to convert your favourite exploits can be | found in perlxstut(1p). Interpreters of any kind can be used to break TPE. The article in question (http://www.rrdl.net/daemon9/Projects/Phrack/P54-06) discusses this to a certain extent. | Another way to execute your code in a trusted path environment is | exploiting the ability of some programs (e.g. BitchX) to link shared | objects at run time from a predefined set or even user-supplied ones. | libdl looks at $LD_LIBRARY_PATH too, so the user can supply his own | directory with a shared object containing arbitrary code. This is also mentioned in the article, and the suite provides a workaround, "ld.so environment protection". The fact of the matter is that there are numerous ways to break trusted path execution. The major reason for this is that it is a retrofit to an existing infrastructure. TPE is not a panacea by any means, however, it does afford the admin protection from typical localhost attacks (especially from cut and paste attackers). It also, to a certain extent, keeps users from hacking from your machine. -- I live a world of paradox... My willingness to destroy is your chance for improvement, my hate is your faith -- my failure is your victory, a victory that won't last.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:03 PDT