LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

suid-binary vulnerabilities

suid-binary vulnerabilities

Posted Nov 2, 2010 0:17 UTC (Tue) by dlang (✭ supporter ✭, #313)
In reply to: suid-binary vulnerabilities by nix
Parent article: Two glibc vulnerabilities

one thing on recent systems is that the name resolution libraries are loaded dynamically, even if you compile a 'static' binary. If those libraries are not available as separate files, in the expected location, name resolution fails.

(Log in to post comments)

suid-binary vulnerabilities

Posted Nov 3, 2010 14:58 UTC (Wed) by nix (subscriber, #2304) [Link]

In this case, 'recent' is 'more recent than glibc 2.2'. I haven't seen a glibc 2.2 system for many years. Essentially all current Linux systems work this way. (Usernames as well as hostnames: everything that uses NSS.)

suid-binary vulnerabilities

Posted Nov 3, 2010 23:29 UTC (Wed) by cesarb (subscriber, #6266) [Link]

Does it still happen if you use nscd? Or does it simply open the socket to nscd and lets it load the NSS stuff?

suid-binary vulnerabilities

Posted Nov 4, 2010 0:18 UTC (Thu) by foom (subscriber, #14868) [Link]

Depends on the function. Not all NSS functionality goes through nscd even when it's enabled. I forget the details of which do and which don't, though.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds