Gentoo security update to glibc
Posted Aug 19, 2004 20:19 UTC (Thu) by kweidner
Parent article: Gentoo security update to glibc
An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
I don't understand the impact statement; as far as I can tell, any use of a trojaned library would require exploiting an additional vulnerability such as improper permissions for system library files. And if you have that additional vulnerability, you don't need LD_DEBUG to exploit it. LD_PRELOAD and LD_LIBRARY_PATH are of course disabled for SUID binaries.
The documented features of LD_DEBUG look harmless; it only prints statistics about the operation of the dynamic linker, with no application data included in the output. Does LD_DEBUG offer additional undocumented features that enable manipulations of how it works? If not, this alleged vulnerability does not appear to be any cause for concern.
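The comment above rests on the fact that the dynamic loader drops LD_PRELOAD, LD_LIBRARY_PATH and similar variables when a program runs set-user-ID. On Linux the kernel signals that state to the process through the AT_SECURE auxiliary-vector entry, and glibc's loader reads the same flag. The following program, added here as an illustration and not part of the LWN comment or the Gentoo advisory, reports whether the current process is in that secure-execution mode and which loader-controlling variables are present in its environment, which is a handy way for an administrator to confirm the behaviour the comment describes. It assumes Linux with glibc 2.16 or later (for getauxval); the list of variable names is a hand-picked subset chosen to match the discussion, not glibc's full list.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (Linux, glibc >= 2.16) */

/* Loader-controlling variable names to look for. Assumption: a subset of
 * the variables the loader clears in secure mode, matching those the
 * discussion mentions; it is not glibc's complete list. */
static const char *const kLoaderVars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_DEBUG", "LD_DEBUG_OUTPUT", "LD_AUDIT",
};
#define N_LOADER_VARS (sizeof kLoaderVars / sizeof kLoaderVars[0])

/* Returns 1 if the kernel marked this process as a secure-execution
 * program (set-user-ID, set-group-ID or file capabilities), 0 otherwise.
 * glibc's loader consults the same flag before honouring LD_* variables. */
int secure_mode_active(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Scan a NULL-terminated environment block of "NAME=value" strings and
 * return how many of the loader-controlling names are set. Up to `max`
 * matching names are written to `found` so the caller can report them. */
size_t loader_vars_present(const char *const *envp, const char **found, size_t max)
{
    size_t hits = 0;
    for (; *envp != NULL; envp++) {
        const char *eq = strchr(*envp, '=');
        if (eq == NULL)
            continue;                     /* malformed entry, skip it */
        size_t namelen = (size_t)(eq - *envp);
        for (size_t i = 0; i < N_LOADER_VARS; i++) {
            if (strlen(kLoaderVars[i]) == namelen &&
                memcmp(kLoaderVars[i], *envp, namelen) == 0) {
                if (found != NULL && hits < max)
                    found[hits] = kLoaderVars[i];
                hits++;
                break;
            }
        }
    }
    return hits;
}

/* Runs the scanner over a constructed sample environment (not a real
 * process environment) so the logic can be exercised without setting
 * any variables; returns the number of loader variables it finds. */
size_t sample_env_check(void)
{
    static const char *const sample[] = {
        "PATH=/usr/bin", "LD_PRELOAD=/tmp/example.so",
        "LD_DEBUG=files", "HOME=/home/user", NULL
    };
    return loader_vars_present(sample, NULL, 0);   /* 2 */
}

int main(int argc, char **argv, char **envp)
{
    (void)argc; (void)argv;
    const char *names[N_LOADER_VARS];
    size_t n = loader_vars_present((const char *const *)envp, names, N_LOADER_VARS);

    printf("secure execution mode (AT_SECURE): %s\n",
           secure_mode_active() ? "yes, loader ignores LD_* variables"
                                : "no, loader honours LD_* variables");
    printf("loader-controlling variables in environment: %zu\n", n);
    for (size_t i = 0; i < n && i < N_LOADER_VARS; i++)
        printf("  %s\n", names[i]);
    return 0;
}
```

Run it once as an ordinary user and once after giving the binary the set-user-ID bit to a dedicated test account: the first run reports AT_SECURE as clear, the second reports it set, and any LD_PRELOAD or LD_LIBRARY_PATH you export still shows up in the listing because the variables themselves are inherited; it is the loader that chooses to ignore them.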