Date: Mon, 26 Jul 1999 12:01:44 -0500
From: Chris Costello <chris@calldei.com>
To: Nate Williams <nate@mt.sri.com>
Cc: Dominic Mitchell <Dom.Mitchell@palmerharvey.co.uk>, jkoshy@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: yet more ways to attack executing binaries (was Re: deny ktrace without read permissions? )
Message-ID: <19990726120144.E85663@holly.dyndns.org>
In-Reply-To: <199907261652.KAA19121@mt.sri.com>; from Nate Williams on Mon, Jul 26, 1999 at 10:52:34AM -0600
References: <19990726054037.D79022@holly.dyndns.org> <199907261116.EAA43920@freefall.freebsd.org> <19990726132132.B78403@voodoo.pandhm.co.uk> <199907261652.KAA19121@mt.sri.com>

On Mon, Jul 26, 1999, Nate Williams wrote:
> > > LD_LIBRARY_PATH, LD_PRELOAD and LD_DEBUG are ignored for setuid executables
> > > in FreeBSD.
> >
> > But the point being made is that they are not ignored for executables
> > which have no read access. And from there, read access can be gained,
> > because at that point, you have code running in the process's address
> > space.
>
> That's right. In other words, there really is no way of protecting
> executable files from being read if someone is motivated enough.
>
> And, in an open-source OS like FreeBSD, it's not a viable solution in
> any case....

The only option, as I've mentioned previously in this thread, that I can
think of, would be to have an option when building various linker code to
disable searching in $LD_LIBRARY_PATH if the library being looked for is
in the standard library paths.

--
|Chris Costello <chris@calldei.com>
|Is reading in the bathroom considered Multi-Tasking?
`----------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
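
The option suggested in the message above can be sketched as a library search-order policy. This is an added example, not code from the message or from FreeBSD's run-time linker; `resolve_library`, `prefer_std`, the `exists_fn` callback and the sample paths are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical existence check; a real linker would stat() or open() the path. */
typedef int (*exists_fn)(const char *path);
/* Constructed sample filesystem: a user-writable copy of libc beside the system one. */
static const char *sample_files[] = {
    "/tmp/user/lib/libc.so.3", "/tmp/user/lib/libfoo.so.1", "/usr/lib/libc.so.3", NULL };
static int sample_exists(const char *path) {
    for (int i = 0; sample_files[i]; i++)
        if (strcmp(sample_files[i], path) == 0) return 1;
    return 0;
}

/* Try each directory of a colon-separated list; on a hit fill out and return 1.
 * Empty components are skipped here (an assumption of this sketch). */
static int search_dirs(const char *dirs, const char *name, exists_fn ex,
                       char *out, size_t outlen) {
    while (dirs && *dirs) {
        size_t n = strcspn(dirs, ":");
        int w = n ? snprintf(out, outlen, "%.*s/%s", (int)n, dirs, name) : -1;
        if (w > 0 && (size_t)w < outlen && ex(out)) return 1;
        dirs += n;
        if (*dirs == ':') dirs++;
    }
    return 0;
}

/* prefer_std = 0: LD_LIBRARY_PATH first, then the standard directories.
 * prefer_std = 1: the option suggested in the message; standard directories win and
 * LD_LIBRARY_PATH is consulted only for libraries they do not provide. */
int resolve_library(const char *name, const char *ld_library_path,
                    const char *std_dirs, int prefer_std, exists_fn ex,
                    char *out, size_t outlen) {
    const char *first = prefer_std ? std_dirs : ld_library_path;
    const char *second = prefer_std ? ld_library_path : std_dirs;
    if (outlen == 0 || strchr(name, '/')) return 0;  /* bare library names only */
    if (search_dirs(first, name, ex, out, outlen)) return 1;
    if (search_dirs(second, name, ex, out, outlen)) return 1;
    out[0] = '\0';
    return 0;
}
int main(void) {
    char buf[256];
    for (int p = 0; p <= 1; p++)
        if (resolve_library("libc.so.3", "/tmp/user/lib", "/usr/lib", p, sample_exists, buf, sizeof buf))
            printf("prefer_std=%d -> %s\n", p, buf);
    return 0;
}
```

With `prefer_std` set, a library that exists only under `LD_LIBRARY_PATH` still resolves there, so the policy narrows the override rather than disabling the variable.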