
suid-binary vulnerabilities

Posted Nov 1, 2010 23:34 UTC (Mon) by nix (subscriber, #2304)
In reply to: suid-binary vulnerabilities by michaeljt
Parent article: Two glibc vulnerabilities

There certainly is! PT_INTERP isn't mandatory: if it's not set, the executable has no interpreter, thus cannot use shared libraries and must be self-contained.

(Also, if pure statically-linked binaries cannot exist, what do you think /lib/ld-linux.so.2 is? If ELF interpreters don't count because they are technically shared objects and relocate themselves, /sbin/sln surely does. No relocation, no PT_INTERP: static as static comes, and on pretty much every system.)
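The PT_INTERP test described in the comment above can be made by reading the ELF program headers directly. This is an added example, not part of the original comment or of glibc; `elf_linkage` and `sample_elf` are hypothetical names and the sample image is constructed.

```python
import struct, sys

PT_DYNAMIC, PT_INTERP = 2, 3

def elf_linkage(data):
    """Return (interpreter path or None, has_PT_DYNAMIC) for an ELF image."""
    if (len(data) < 6 or data[:4] != b"\x7fELF"
            or data[4] not in (1, 2) or data[5] not in (1, 2)):
        raise ValueError("not a valid ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    interp, dynamic = None, False
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(e + "I", data, base)
        if p_type == PT_DYNAMIC:
            dynamic = True
        elif p_type == PT_INTERP:
            # p_offset / p_filesz sit at different offsets in the two classes
            fmt, o_off, o_sz = ("Q", 8, 32) if is64 else ("I", 4, 16)
            (off,) = struct.unpack_from(e + fmt, data, base + o_off)
            (size,) = struct.unpack_from(e + fmt, data, base + o_sz)
            interp = data[off:off + size].split(b"\0")[0].decode("ascii", "replace")
    return interp, dynamic

def sample_elf(interp=None):
    """Constructed 64-bit little-endian ELF: PT_LOAD plus optional PT_INTERP."""
    n = 2 if interp else 1
    phdrs = [(1, 0, 0)] + ([(PT_INTERP, 64 + 56 * n, len(interp) + 1)] if interp else [])
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, n, 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 0, off, 0, 0, sz, sz, 0)
                     for t, off, sz in phdrs)
    return hdr + table + (interp or "").encode() + b"\0"

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. the suid binaries you audit
        with open(path, "rb") as f:
            print(path, elf_linkage(f.read()))
```

A result of `(None, False)` is a fully static executable; `(None, True)` is an object that carries dynamic information but names no interpreter, which is what a shared object such as the dynamic linker itself looks like.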



suid-binary vulnerabilities

Posted Nov 1, 2010 23:52 UTC (Mon) by anselm (subscriber, #2796)

> /sbin/sln surely does. No relocation, no PT_INTERP: static as static comes, and on pretty much every system

I'm on Debian sid, and I don't have an executable called »sln« – not in /sbin, not anywhere. Am I missing something?

suid-binary vulnerabilities

Posted Nov 2, 2010 0:14 UTC (Tue) by nix (subscriber, #2304)

It's part of glibc, and is bloody useful e.g. to put your dynamic linker symlink back in place if something blows it away. Since this is its primary purpose, perhaps some distros don't ship it... but if you don't have that I hope you have sash or busybox or something else statically linked to recover your system in case of disaster. (OK, a boot CD/USB key could do the same job but is somewhat inelegant.)

suid-binary vulnerabilities

Posted Nov 2, 2010 0:17 UTC (Tue) by dlang (subscriber, #313)

One thing on recent systems is that the name resolution libraries are loaded dynamically, even if you compile a 'static' binary. If those libraries are not available as separate files, in the expected location, name resolution fails.

suid-binary vulnerabilities

Posted Nov 3, 2010 14:58 UTC (Wed) by nix (subscriber, #2304)

In this case, 'recent' is 'more recent than glibc 2.2'. I haven't seen a glibc 2.2 system for many years. Essentially all current Linux systems work this way. (Usernames as well as hostnames: everything that uses NSS.)

suid-binary vulnerabilities

Posted Nov 3, 2010 23:29 UTC (Wed) by cesarb (subscriber, #6266)

Does it still happen if you use nscd? Or does it simply open the socket to nscd and let it load the NSS stuff?

suid-binary vulnerabilities

Posted Nov 4, 2010 0:18 UTC (Thu) by foom (subscriber, #14868)

Depends on the function. Not all NSS functionality goes through nscd even when it's enabled. I forget the details of which do and which don't, though.


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.