This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: [fyre@box3n.gumbynet.org: Re: ld-2.1.3.so allows users to run programs from noexec partition]
"Rodrigo Barbosa (aka morcego)" <rodrigob@conectiva.com.br> writes:
> Okey, I know many (most) of the cases, this ld.so executing
> "feature" is a noissue. But when a user can only write to /tmp, and
> /tmp is noexec'd, then this does become an issue, as I'm sure you
> agree, even if the program in question does nothing more then send a
> userlist (taken from /etc/passwd) to the attacker mailbox.
I don't agree at all with your points. Changing ld.so does not help
at all since somebody could just take out the code and recompile. Not
even that is necessary: a simple ELF loader is trivial, you can have
an innocent looking program lying around.
There will be no check for the +x bits since this is pointless and
only obscuring the problem. Besides, it does not open any security
holes.
--
---------------. ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Red Hat `--' drepper at redhat.com `------------------------