Re: KEYWORDS: shared objects, dynamic linking,

From: Sebastian Jaenicke (tsaat_private)
Date: Sat Oct 20 2001 - 11:31:11 PDT

Next message: Pavel Kankovsky: "Re: Open Response To Microsoft Security - RE: It's Time to End Information Anarchy"

Previous message: leon: "RE: 0-day exploit..do i hear $1000? (a net admins 2 cents)"
In reply to: Aycan Irican: "KEYWORDS: shared objects, dynamic linking,"
Next in thread: Dom De Vitto: "RE: KEYWORDS: shared objects, dynamic linking,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Sat, Oct 20, 2001 at 02:13:23PM +0300, Aycan Irican wrote:
[..]
>       [aycan@mars doc]$ uname -a
>       Linux deadbeef 2.4.12 #13D SMP Wed Oct 17 11:54:46 CEST 2001 i586       unknown
>       [aycan@mars doc]$ ls -al /usr/X11R6/bin/xlock
>       -r-sr-xr-x   1 root     root      1406536 May  3 12:49 /usr/X11R6/bin/xlock
>
> I couldn't see any path when I looked at objdump output ...so I think I can
> export my LD_RUN_PATH variable to inject MY OWN libXpm.so.4 magically :)
>
> what I'm doing wrong here?
> is it possible to inject suspicious shared objects so suid program is
> compromised?
[..]

AFAIK the system doesn't honor your LD_LIBRARY_PATH with dynamically
linked suid/sgid-binaries. Otherwise, a compromise would be way too 
easy. ;-)

Sebastian

-- 
Sebastian Jaenicke
whois pgpkey-18AC0BE4at_private|perl -ne's-^certif: +--&&print'

application/pgp-signature attachment: stored

Next message: Pavel Kankovsky: "Re: Open Response To Microsoft Security - RE: It's Time to End Information Anarchy"
Previous message: leon: "RE: 0-day exploit..do i hear $1000? (a net admins 2 cents)"
In reply to: Aycan Irican: "KEYWORDS: shared objects, dynamic linking,"
Next in thread: Dom De Vitto: "RE: KEYWORDS: shared objects, dynamic linking,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Oct 20 2001 - 13:12:07 PDT