On 12/12/2010 06:57 AM, bendeguz wrote:
> Hi!
>
> I tried the exploits on the lfs-dev mailing list and the
> exploit here http://seclists.org/fulldisclosure/2010/Oct/257,
> but something is wrong. It doesn't work as "expected".
>
> In the latter case:
>
> $ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
> Inconsistency detected by ld.so: dl-open.c: 231: dl_open_worker: Assertion
> '(call_map)->l_name[0] == '\0'' failed!
>
> then, from console, it drops me to login prompt
>
I guess I don't understand the test case. What was the expectation? 3 == $ppid (in this case exec (a bash builtin)). Bash isn't setuid and is not compiled with -rpath so I don't see the concern. I'm not sure why it killed the parent.

-- DJ Lucas