Quoting Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>:

> I just downloaded glibc 2.3.1 and would say you can subvert a
> privileged executable with LD_PRELOAD. There's no mention of
> PR_GET_DUMPABLE anywhere and __libc_enable_secure is set according to
> some euid/egid tests.
In theory you should be able to just replace the __libc_enable_secure
check with

    __libc_enable_secure = !prctl(PR_GET_DUMPABLE);

i.e. let the kernel handle the logic of whether a process is running
privileged. If we duplicate it between kernel and libc, we'll get
security bugs.
Cheers
Chris
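Added illustration, not part of Chris's message or of glibc: the two ways of deciding "is this process privileged" side by side (the euid/egid heuristic versus asking the kernel through PR_GET_DUMPABLE), plus an environment filter that drops loader variables when the answer is yes. The variable list and the sample environment are constructed for the demo; the code assumes Linux.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* libc-style heuristic: privileged if effective ids differ from real ids
 * (the kind of euid/egid test the quoted message describes). */
int secure_by_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Kernel-side answer: the kernel clears the dumpable flag when a process
 * gained privilege across exec (set-id, capabilities). PR_GET_DUMPABLE
 * returns 0, 1 (ordinary) or 2, or -1 on error; anything but 1 is treated
 * as privileged, so an error fails closed. */
int secure_by_kernel(void)
{
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    return dumpable != 1;
}

/* Filter a NULL-terminated environment in place: when the process is
 * privileged, drop variables the loader must not honour. Returns the
 * number of entries kept. The variable list is illustrative. */
size_t scrub_env(char **envp, int secure)
{
    static const char *unsafe[] = { "LD_PRELOAD=", "LD_LIBRARY_PATH=" };
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        int drop = 0;
        for (size_t k = 0; secure && k < 2; k++)
            if (strncmp(envp[i], unsafe[k], strlen(unsafe[k])) == 0)
                drop = 1;
        if (!drop)
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return kept;
}

int main(void)
{
    /* Constructed sample environment; the .so path is a placeholder. */
    char *env[] = { "PATH=/usr/bin", "LD_PRELOAD=/tmp/injected.so", "HOME=/root", NULL };
    printf("ids: %d, kernel: %d\n", secure_by_ids(), secure_by_kernel());
    printf("kept %zu entries after scrub\n", scrub_env(env, 1));
    return 0;
}
```

For an ordinary (non set-id) process both checks agree and report 0; the divergence the thread is about appears only in set-id or capability-gaining executables, where the kernel's flag is the authoritative source.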
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/