[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] The GNU C library dynamic linker expands $ORIGIN in setuid library search path

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] The GNU C library dynamic linker expands $ORIGIN in setuid library search path
From: Tavis Ormandy <taviso@xxxxxxxxxxxxx>
Date: Wed, 20 Oct 2010 13:19:31 +0200

Louis Granboulan <louis.granboulan.security@xxxxxxxxx> wrote:
> However, it is quite clear to me that the current behaviour is
> inconsistent and is the reason of this security flaw. We see $ ls -l
> /proc/self/fd/3 pretend that it is a symbolic link to a file that does not
> exist, and $ ls -lL /proc/self/fd/3 show a setuid file.
> 
> 

Louis, the commands specified in the advisory were intended to help
illustrate the problem, not be a replacement for any analysis. Your
questions were anticipated, and answered in the Notes section.

Next time I will put the Notes section at the top ;-)

Tavis.

-- 
-------------------------------------
taviso@xxxxxxxxxxxxx | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] The GNU C library dynamic linker expands $ORIGIN in setuid library search path
  - From: Louis Granboulan

Prev by Date: [Full-disclosure] [USN-1000-1] Linux kernel vulnerabilities
Next by Date: Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Previous by thread: Re: [Full-disclosure] The GNU C library dynamic linker expands $ORIGIN in setuid library search path
Next by thread: [Full-disclosure] How Visual Studio Makes Your Applications Vulnerable to Binary Planting
Index(es):
- Date
- Thread