ld.so bug - LD_DEBUG_OUTPUT follows symlinks
From: Elias Levy
Subject: ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Date: Mon, 25 Sep 2000 22:09:45 -0700
Date: Tue, 26 Sep 2000 02:11:12 +0200 (CEST)
From: Jakub Vlasek <address@hidden>
Subject: ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Hi,
ld.so from glibc2 doesn't unset the variables LD_DEBUG_OUTPUT and LD_DEBUG
when running suid. If a program calls setuid(0) and then fork(), the child
process will follow a prepared symlink ($LD_DEBUG_OUTPUT.$pid) and
overwrite any file in the system.
Jakub Vlasek
----- End forwarded message -----
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
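
An added example, not code from glibc or from the original message: the "<base>.<pid>" open pattern the report describes, next to a hardened variant that ignores the caller-supplied path in secure-execution mode and refuses pre-existing files and symlinks. The function names and the temp-directory scenario are constructed for illustration.

```c
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* Open "<base>.<pid>" as the report describes (hardened == 0) or
 * defensively (hardened != 0). Hypothetical helper, not glibc code. */
int open_debug_log(const char *base, int hardened)
{
    char path[4096];
    /* Set-uid/set-gid programs must not trust a caller-chosen output path;
     * the kernel marks such executions with AT_SECURE. */
    if (hardened && getauxval(AT_SECURE))
        return -1;
    if (snprintf(path, sizeof path, "%s.%ld", base, (long)getpid()) >= (int)sizeof path)
        return -1;
    if (hardened) /* O_EXCL: only create a new file; O_NOFOLLOW: never a symlink */
        return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666); /* follows symlinks */
}

/* Constructed scenario in a private temp dir: "<base>.<pid>" already exists as
 * a symlink to a file holding "KEEP". Returns 1 if that file was clobbered,
 * 0 if it survived, -1 on setup failure. */
int symlink_clobbers_target(int hardened)
{
    char dir[] = "/tmp/lddemoXXXXXX", target[64], base[64], lnk[128], buf[8] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(base, sizeof base, "%s/dbg", dir);
    snprintf(lnk, sizeof lnk, "%s.%ld", base, (long)getpid());
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("KEEP", f); fclose(f);
    if (symlink(target, lnk) != 0) return -1;

    int fd = open_debug_log(base, hardened);
    if (fd >= 0) close(fd);

    f = fopen(target, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, 4, f); fclose(f);
    unlink(lnk); unlink(target); rmdir(dir);
    return !(n == 4 && memcmp(buf, "KEEP", 4) == 0);
}
```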