Date: Mon, 26 Jul 1999 04:16:28 -0700 (PDT) From: <jkoshy@FreeBSD.org> To: chris@calldei.com Cc: hackers@freebsd.org Subject: Re: yet more ways to attack executing binaries (was Re: deny ktrace without read permissions? ) Message-ID: <199907261116.EAA43920@freefall.freebsd.org> In-Reply-To: Your message of "Mon, 26 Jul 1999 05:40:37 EST." <19990726054037.D79022@holly.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
c> heard of in another OS is that if a suid root binary is c> dynamically linked, you could set LD_LIBRARY_PATH and make your c> own little libc which would, say, exec /bin/sh on something like c> printf. Options for both of those (or defaults) might be c> something to look into. Or is that second one fixed in FreeBSD? LD_LIBRARY_PATH, LD_PRELOAD and LD_DEBUG are ignored for setuid executables in FreeBSD. Koshy <jkoshy@freebsd.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907261116.EAA43920>