Date: Mon, 26 Jul 1999 05:40:37 -0500
From: Chris Costello <chris@calldei.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: jkoshy@FreeBSD.ORG, hackers@FreeBSD.ORG, sef@FreeBSD.ORG
Subject: Re: yet more ways to attack executing binaries (was Re: deny ktrace without read permissions? )
Message-ID: <19990726054037.D79022@holly.dyndns.org>
In-Reply-To: <Pine.BSF.3.96.990726062851.9903C-100000@fledge.watson.org>; from Robert Watson on Mon, Jul 26, 1999 at 06:31:14AM -0400
References: <199907260544.WAA13646@freefall.freebsd.org> <Pine.BSF.3.96.990726062851.9903C-100000@fledge.watson.org>

On Mon, Jul 26, 1999, Robert Watson wrote:
>
> Another cool attack on this mechanism is if the binary uses shared
> libraries: modify LD_LIBRARY_PATH so that its favorite shared library is
> your own version of the library, that proceeds to dump the entire
> application to disk when executed.
>
> The challenge of adding additional sandbox/restrictions outside of the
> traditional uid boundaries in UNIX is challenging.  The number of ways to
> influence a program's execution is quite sizable...

   Perhaps an option when compiling the linker code to select
whether to avoid or ignore LD_LIBRARY_PATH if a shared library
it's looking for is in the default path.

   Another problem I've heard of in another OS is that if a suid
root binary is dynamically linked, you could set LD_LIBRARY_PATH
and make your own little libc which would, say, exec /bin/sh on
something like printf.

   Options for both of those (or defaults) might be something to
look into.  Or is that second one fixed in FreeBSD?

-- 
|Chris Costello <chris@calldei.com>
|[Unix] is not necessarily evil, like OS/2. - Peter Norton
`----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
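
The two search-order policies raised in this message, sketched as an added example (not code from FreeBSD's runtime linker or from anyone in the thread): ignore LD_LIBRARY_PATH for a set-id image, and optionally let the default path win when it already holds the library. The names resolve_lib, pick, setid and prefer_default, the default directory list and the in-memory table of existing paths are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample "filesystem": the only paths that exist in this example. */
static const char *const fake_fs[] = {
    "/usr/lib/libc.so", "/tmp/planted/libc.so", "/home/u/lib/libfoo.so", NULL };
static const char *const default_dirs[] = { "/lib", "/usr/lib", NULL };

static int exists(const char *path) {
    for (size_t i = 0; fake_fs[i]; i++)
        if (strcmp(fake_fs[i], path) == 0) return 1;
    return 0;
}

/* Try dir/name; on a hit leave the full path in out and return 1. */
static int try_dir(const char *dir, size_t dlen, const char *name,
                   char *out, size_t outlen) {
    /* Reject empty and relative entries: they would resolve against the cwd. */
    if (dlen == 0 || dir[0] != '/') return 0;
    int n = snprintf(out, outlen, "%.*s/%s", (int)dlen, dir, name);
    return n > 0 && (size_t)n < outlen && exists(out);
}

static int search_defaults(const char *name, char *out, size_t outlen) {
    for (size_t i = 0; default_dirs[i]; i++)
        if (try_dir(default_dirs[i], strlen(default_dirs[i]), name, out, outlen))
            return 1;
    return 0;
}

/* setid: real and effective ids differ (set-uid/set-gid image, assumed input).
 * prefer_default: the option proposed above; defaults win if they hold the library. */
int resolve_lib(const char *name, const char *ld_path, int setid,
                int prefer_default, char *out, size_t outlen) {
    if (strchr(name, '/')) return 0;           /* bare library names only */
    if (setid) ld_path = NULL;                 /* never trust the environment */
    if (prefer_default && search_defaults(name, out, outlen)) return 1;
    while (ld_path && *ld_path) {              /* colon-separated directory list */
        size_t len = strcspn(ld_path, ":");
        if (try_dir(ld_path, len, name, out, outlen)) return 1;
        ld_path += len + (ld_path[len] == ':');
    }
    return search_defaults(name, out, outlen);
}

/* Convenience wrapper: returns the chosen path, or "" if none (static buffer). */
const char *pick(const char *name, const char *ld_path, int setid, int prefer) {
    static char buf[256];
    return resolve_lib(name, ld_path, setid, prefer, buf, sizeof buf) ? buf : "";
}
```

With neither policy active, the environment-supplied directory shadows /usr/lib/libc.so; either flag restores the system copy, and prefer_default still lets a user add libraries the default path lacks.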