On Mon, Jul 26, 1999, Robert Watson wrote:
> 
> Another cool attack on this mechanism is if the binary uses shared
> libraries: modify LD_LIBRARY_PATH so that its favorite shared library is
> your own version of the library, that proceeds to dump the entire
> application to disk when executed.
> 
> The challenge of adding additional sandbox/restrictions outside of the
> traditional uid boundaries in UNIX is challenging.  The number of ways to
> influence a program's execution is quite sizable...

   Perhaps an option when compiling the linker code to select
whether to avoid or ignore LD_LIBRARY_PATH if a shared library
it's looking for is in the default path.  Another problem I've
heard of in another OS is that if a suid root binary is
dynamically linked, you could set LD_LIBRARY_PATH and make your
own little libc which would, say, exec /bin/sh on something like
printf.  Options for both of those (or defaults) might be
something to look into.  Or is that second one fixed in FreeBSD?

-- 
|Chris Costello <ch...@calldei.com>
|[Unix] is not necessarily evil, like OS/2.  - Peter Norton
`----------------------------------------------------------
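
The kind of check suggested above, as an added example that is not part of the original message and is not FreeBSD's linker code: when the real and effective IDs differ (a setuid or setgid binary), every LD_* variable is dropped before any library lookup would consult it. The function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* A process is "tainted" when it runs with IDs it did not inherit from its
 * caller, i.e. a setuid or setgid binary. (Hypothetical helper name.) */
static int is_tainted(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Remove every "LD_*" entry from a NULL-terminated environment vector,
 * compacting it in place. Returns the number of entries dropped. */
static int scrub_ld_env(char **envp)
{
    char **src, **dst = envp;
    int dropped = 0;

    for (src = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            dropped++;          /* caller-controlled linker hint: discard */
        else
            *dst++ = *src;      /* keep everything else in order */
    }
    *dst = NULL;
    return dropped;
}

/* Policy: LD_* is honored only for untainted processes. */
static int apply_policy(char **envp, uid_t ruid, uid_t euid,
                        gid_t rgid, gid_t egid)
{
    return is_tainted(ruid, euid, rgid, egid) ? scrub_ld_env(envp) : 0;
}

int main(void)
{
    /* Constructed sample environment, not taken from the thread. */
    char *env[] = { "PATH=/bin:/usr/bin", "LD_LIBRARY_PATH=/tmp/mylibs",
                    "HOME=/home/user", "LD_PRELOAD=/tmp/x.so", NULL };
    int n = apply_policy(env, getuid(), geteuid(), getgid(), getegid());

    printf("dropped %d LD_* entries\n", n);
    for (char **e = env; *e != NULL; e++)
        puts(*e);
    return 0;
}
```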

