Re: LD_PROFILE local root exploit for solaris 2.6

From: Eric Daniel (edanielat_private)
Date: Tue Sep 28 1999 - 09:44:40 PDT


    On Fri, Sep 24, 1999 at 10:30:32AM +0200, Casper Dik wrote:
    > This is bug 4150646 (or rather, 1241843, which resurfaced after an
    > extensive rewrite of the dynamic linker)
    >
    > It's been fixed in Solaris 7 and with the following patches in other
    > releases:
    >
    > 103242-07: SunOS 5.5: linker patch
    
    It seems that the hole was fixed in the 103242-05 patch, but came back in
    the 103242-07 patch. If you can't apply a patch immediately, one simple
    workaround is to remove /usr/ccs/lib/link_audit/ldprof.so.1 (if you don't
    care about profiling).
    
    Note that this workaround doesn't work for other instances of this bug:
    for instance, under SunOS 5.5.1 with the 103627-02 patch, any file
    ldprof.so.1 in LD_LIBRARY_PATH will be loaded.
    
    Eric Daniel
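
An audit for the condition described in the message above, as an added example that is not part of the original post: it lists every ldprof.so.1 reachable through a colon-separated library search path and marks copies that sit in a loosely writable location. The helper names `audit_ldprof` and `loosely_writable` are hypothetical, and treating an empty path element as the current directory is an assumption.

```shell
#!/bin/sh
# Added example: audit a library search path for copies of ldprof.so.1.
# audit_ldprof and loosely_writable are hypothetical helper names.

# Succeed if $1 (symlinks followed) is group- or world-writable.
loosely_writable() {
    # ls -l mode string: character 6 is group write, character 9 is other write
    mode=$(ls -ldL "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print one line per ldprof.so.1 found in the colon-separated list $1:
#   "RISKY <file>"  the file or its directory is group/world-writable
#   "FOUND <file>"  present, but not loosely writable
audit_ldprof() {
    pathlist=$1
    [ -n "$pathlist" ] || return 0
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting the list
    set -- $pathlist
    set +f
    IFS=$old_ifs
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.  # assumption: empty element = current directory
        file=$dir/ldprof.so.1
        [ -f "$file" ] || continue
        if loosely_writable "$dir" || loosely_writable "$file"; then
            echo "RISKY $file"
        else
            echo "FOUND $file"
        fi
    done
    return 0
}

# Check the stock location named in the message plus the caller's search path.
audit_ldprof "/usr/ccs/lib/link_audit:${LD_LIBRARY_PATH:-}"
```

A FOUND line for the stock location means the workaround of removing that file has not been applied; a RISKY line anywhere means a non-root user could replace the library that gets loaded.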
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:34 PDT