exec-only ELF interpreter

Posted Nov 14, 2004 0:14 UTC (Sun) by iabervon (subscriber, #722)
In reply to: exec-only ELF interpreter by giraffedata
Parent article: Some Linux kernel security vulnerabilities

You can exec() the dynamic linker if you want, but that's not what dynamically linked executables do. It's a bit confusing, because the dynamic linker these days is also a program which will dynamically link and run its argument. However, it doesn't work for everything: if you do /lib/ld.so /sbin/mount, it will complain that it can't read /sbin/mount (since it can't). For that matter, this doesn't give root privileges to setuid programs, since the dynamic linker isn't setuid, and the program isn't being execed. Actually, the main reason that the dynamic linker is executable is so that ldd can call it to get the info. (Also, don't confuse this with the shell interpreter, where it execs the interpreter with standard in redirected from the file.)

In fact, the kernel loads the interpreter as well as loading the program you called exec() on, and runs the program with the interpreter loaded into memory in a predictable way. Actually, I think a statically linked program which specified an interpreter would just have that file loaded for it, and could just read it without executing it.

I know that setuid programs don't dump core; non-readable ones might behave the same way (/sbin/mount is both).


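The kernel learns which interpreter to load from the executable's PT_INTERP program header. As an added example (not part of the comment above or of LWN's text), this C code reads that header from an ELF64 image in host byte order, which is one way to audit which loader a binary requests; `elf64_interp` and `make_sample` are hypothetical names and the sample image is constructed.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Return the PT_INTERP path inside an ELF64 image (host byte order), or NULL
 * if the image names no interpreter or is malformed. */
const char *elf64_interp(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    if (len < sizeof eh) return NULL;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof ph || eh.e_phoff > len) return NULL;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        /* Every program header must lie inside the file. */
        if (len - eh.e_phoff < (size_t)(i + 1) * sizeof ph) return NULL;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_INTERP) continue;
        /* The path must lie inside the file and be NUL-terminated. */
        if (!ph.p_filesz || ph.p_offset > len || len - ph.p_offset < ph.p_filesz ||
            buf[ph.p_offset + ph.p_filesz - 1] != '\0') return NULL;
        return (const char *)buf + ph.p_offset;
    }
    return NULL; /* no PT_INTERP: the image does not request an interpreter */
}

/* Constructed sample: ELF header, one program header, optional path string.
 * Parseable but not a runnable binary; out must hold at least 256 bytes. */
size_t make_sample(unsigned char *out, const char *interp)
{
    Elf64_Ehdr eh = { .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = interp ? PT_INTERP : PT_LOAD,
                      .p_offset = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    ph.p_filesz = interp ? strlen(interp) + 1 : 0;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    if (interp) memcpy(out + ph.p_offset, interp, ph.p_filesz);
    return ph.p_offset + ph.p_filesz;
}

int main(void)
{
    unsigned char img[256];
    const char *p = elf64_interp(img, make_sample(img, "/lib/ld.so"));
    return puts(p ? p : "(no interpreter)") < 0;
}
```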

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds