tech-userlevel archive


Re: dlopen() and libpthread



I'm sorry Emmanuel, I meant to post my message to the list, not directly
to you! I'm overtired.

On Mon, 22 Oct 2012 12:20:02 +0000
Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:

> On Mon, Oct 22, 2012 at 11:21:06AM +0100, Julian Yon wrote:
> > If not careful this could open up a family of attacks where someone
> > finds a way to preload a library other than that intended, e.g. by
> > use of chroot.
> 
> You need to be root to call chroot(2). If you can take for granted that
> the attacker is able to write stuff in /etc/ then there are many ways
> to root the system, anyway.

Yes, I'm aware only root can chroot. I think I was thinking in terms of
amplification, i.e. some theoretical attack becomes viable because of
an unnecessary hole which wasn't there previously. Nothing concrete
springs to mind.

> > Linux's ld.so has a restriction on LD_PRELOAD that “For
> > setuid/setgid ELF binaries, only libraries in the standard search
> > directories that are also setgid will be loaded.” I don't have a
> > NetBSD system to hand to check: Does NetBSD enforce the same
> > restriction?
> 
> Not AFAIK. We could do the same, except that this approach does not
> play well with su/pam/opensc-pkcs11.so. We would need to always have
> LD_PRELOAD set in the shell, just in case the user runs su. Or have
> a shell-script wrapper around su.

The problem with this sort of kludge is that later on nobody can
remember why it was necessary or what actually needs to be fixed.

Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>
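As an added example (not code from this thread, nor from NetBSD's or glibc's dynamic loader), the C below models the Linux ld.so rule Julian quotes: in a setuid/setgid process, an LD_PRELOAD entry is honoured only if it is a bare soname found in a standard search directory and the file itself carries the setgid bit. The names `check_preload_entry`, `filter_preload_list` and `create_fixture` are hypothetical; the list of "standard directories" is passed as a parameter rather than hard-coded to /lib and /usr/lib so the policy can be exercised against a scratch directory; the "entry containing a slash is rejected" step is the assumption that this is how "standard search directories only" is enforced, and is not stated in the thread. The demo `main` reads `getauxval(AT_SECURE)` to show how a Linux process learns it is in secure-execution mode.

```c
/* Added example, not code from this thread, NetBSD or glibc: a model of the
 * quoted ld.so rule (setuid/setgid process => preload only bare sonames found
 * in the standard directories, and only if the file is setgid).  Function and
 * enum names are hypothetical; the directory list is a parameter on purpose. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>  /* getauxval(AT_SECURE): nonzero in a setuid/setgid process */
#endif

enum preload_verdict {
    PRELOAD_OK,              /* honour the entry */
    PRELOAD_REJECT_PATH,     /* secure mode: entry is a path, not a bare soname */
    PRELOAD_REJECT_NOTFOUND, /* secure mode: not in any standard directory */
    PRELOAD_REJECT_NOSGID    /* secure mode: found, but the file is not setgid */
};

/* Decide one LD_PRELOAD entry.  `dirs` is a NULL-terminated list of standard
 * search directories; on PRELOAD_OK, `resolved` holds the path to open. */
enum preload_verdict
check_preload_entry(const char *entry, int secure, const char *const *dirs,
                    char *resolved, size_t resolved_len)
{
    if (!secure) {                       /* ordinary process: use as given */
        snprintf(resolved, resolved_len, "%s", entry);
        return PRELOAD_OK;
    }
    if (strchr(entry, '/') != NULL)      /* a path would bypass the search list */
        return PRELOAD_REJECT_PATH;
    for (; *dirs != NULL; dirs++) {
        struct stat st;
        snprintf(resolved, resolved_len, "%s/%s", *dirs, entry);
        if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode))
            continue;
        /* found in a standard directory: the file itself must be setgid */
        return (st.st_mode & S_ISGID) ? PRELOAD_OK : PRELOAD_REJECT_NOSGID;
    }
    resolved[0] = '\0';
    return PRELOAD_REJECT_NOTFOUND;
}

/* Apply the policy to a whole LD_PRELOAD value (colon- or space-separated).
 * Writes the surviving resolved paths, colon-separated, to `out` and returns
 * the number of entries dropped. */
int
filter_preload_list(const char *ld_preload, int secure, const char *const *dirs,
                    char *out, size_t out_len)
{
    char buf[4096], resolved[4096];
    size_t used = 0;
    int dropped = 0;

    snprintf(buf, sizeof buf, "%s", ld_preload);
    out[0] = '\0';
    for (char *tok = strtok(buf, ": "); tok != NULL; tok = strtok(NULL, ": ")) {
        if (check_preload_entry(tok, secure, dirs, resolved, sizeof resolved) != PRELOAD_OK) {
            dropped++;
            continue;
        }
        int n = snprintf(out + used, out_len - used, "%s%s", used ? ":" : "", resolved);
        if (n < 0 || (size_t)n >= out_len - used) { /* no room: drop, keep `out` intact */
            out[used] = '\0';
            dropped++;
            continue;
        }
        used += (size_t)n;
    }
    return dropped;
}

/* Demo/test helper: create an empty file and set its mode explicitly, so the
 * umask cannot strip a setgid bit wanted on the fixture. */
int
create_fixture(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) { close(fd); return -1; }
    return close(fd);
}

int
main(void)
{
    char dir[] = "/tmp/preload-demo-XXXXXX", ok[4096], bad[4096], out[4096];
    int secure = 0;
#ifdef __linux__
    secure = getauxval(AT_SECURE) != 0;
#endif
    if (mkdtemp(dir) == NULL)
        return 1;
    const char *dirs[] = { dir, NULL };      /* scratch dir stands in for /lib */
    snprintf(ok, sizeof ok, "%s/libok.so", dir);
    snprintf(bad, sizeof bad, "%s/libbad.so", dir);
    create_fixture(ok, 02644);   /* constructed fixture, setgid: kept */
    create_fixture(bad, 0644);   /* constructed fixture, plain: dropped in secure mode */
    int dropped = filter_preload_list("libok.so:libbad.so:/tmp/other.so", 1, dirs, out, sizeof out);
    printf("AT_SECURE=%d; under the secure-mode policy kept \"%s\", dropped %d\n", secure, out, dropped);
    unlink(ok); unlink(bad); rmdir(dir);
    return 0;
}
```

Run as an ordinary user the program reports AT_SECURE=0 for itself, then applies the secure-mode policy to a constructed LD_PRELOAD value: the setgid fixture survives, the plain file is rejected, and the absolute path is rejected outright. That last case is what Julian's "preload a library other than that intended" worry turns on, and the check shows why the rule is only meaningful when the directory list is trusted.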



