* Gentoo glibc security advisory
From: Thorsten Kukuk
Date: 2004-08-18 8:41 UTC
To: libc-hacker

Hi,

Gentoo has issued an advisory:
http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml

"An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation."

with the following patch:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.1&content-type=text/vnd.viewcvs-markup

Does somebody know more about this?

Thorsten

-- 
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE Linux AG Maxfeldstr. 5 D-90409 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
* Re: Gentoo glibc security advisory
From: Jakub Jelinek
Date: 2004-08-18 9:21 UTC
To: Thorsten Kukuk; +Cc: libc-hacker

On Wed, Aug 18, 2004 at 10:41:35AM +0200, Thorsten Kukuk wrote:
> Hi,
>
> Gentoo has issued an advisory:
> http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml
>
> "An attacker can gain the list of symbols a SUID application uses and their

That's true.

> locations

LD_DEBUG=all doesn't give you exact addresses of symbols (but LD_TRACE_PRELINKING=1 does, maybe we should turn that off for __libc_enable_secure and missing /etc/suid-debug). It only tells you which libraries' symbols are used.

> and can then use a trojaned library taking precedence over those
> symbols to gain information

This is wrong. You can't LD_PRELOAD a trojaned library to a suid binary (unless it is in the standard paths and sgid I think) nor can you use LD_LIBRARY_PATH to trick it in any way.

> or perform further exploitation."
>
> with the following patch:
>
> http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.1&content-type=text/vnd.viewcvs-markup

BTW,

* Fixes a glibc bug where certain envvars are interpreted even if UNSECURE_ENVVARS says to drop them

is wrong, they are interpreted on purpose, but with caution if __libc_enable_secure.

Jakub
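The following is an added illustration of the secure-mode behaviour discussed in this thread. It is not code from the thread and not glibc's own implementation: it models, in a few functions, what ld.so does when the kernel sets AT_SECURE for a setuid binary (the value glibc exposes as __libc_enable_secure): the "unsecure" loader variables such as LD_PRELOAD and LD_LIBRARY_PATH are dropped, and LD_DEBUG output is only honoured if /etc/suid-debug exists. The list of variable names below is an assumption written from memory of glibc's unsecvars.h and is representative rather than authoritative; the sample environment is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

/* Names the dynamic loader refuses to honour in secure mode.
   ASSUMPTION: representative subset written from memory of glibc's
   sysdeps/generic/unsecvars.h; not the authoritative list and not
   taken from the thread. */
static const char *const unsecure_envvars[] = {
    "GCONV_PATH", "GETCONF_DIR", "HOSTALIASES", "LD_AUDIT", "LD_DEBUG",
    "LD_DEBUG_OUTPUT", "LD_DYNAMIC_WEAK", "LD_LIBRARY_PATH", "LD_ORIGIN_PATH",
    "LD_PRELOAD", "LD_PROFILE", "LD_SHOW_AUXV", "LD_USE_LOAD_BIAS",
    "LOCALDOMAIN", "LOCPATH", "MALLOC_TRACE", "NLSPATH", "RESOLV_HOST_CONF",
    "RES_OPTIONS", "TMPDIR", "TZDIR",
};

/* AT_SECURE is set by the kernel when euid != uid, egid != gid, or file
   capabilities were applied at exec; glibc copies it into
   __libc_enable_secure. A plain, non-setuid process sees 0 here. */
int is_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* True when "NAME=value" has exactly the name `name` (so LD_DEBUG does
   not match LD_DEBUG_OUTPUT or an unrelated LD_DEBUGFOO). */
static int env_has_name(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Strip the unsecure variables from a NULL-terminated envp array in place
   and return how many entries were removed. With secure == 0 nothing is
   touched: that is the non-setuid case where LD_PRELOAD works as usual. */
int filter_unsecure_env(char **envp, int secure)
{
    if (!secure)
        return 0;
    int removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        int drop = 0;
        for (size_t i = 0; i < sizeof unsecure_envvars / sizeof *unsecure_envvars; i++) {
            if (env_has_name(*in, unsecure_envvars[i])) {
                drop = 1;
                break;
            }
        }
        if (drop)
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* The LD_DEBUG carve-out mentioned in the thread: in secure mode debug
   output is kept only if the administrator created /etc/suid-debug.
   The path is a parameter so the policy can be exercised without
   touching /etc. */
int ld_debug_allowed(int secure, const char *suid_debug_path)
{
    if (!secure)
        return 1;
    return access(suid_debug_path, F_OK) == 0;
}

int main(void)
{
    /* Constructed sample environment, as an attacker might supply it. */
    char *env[] = { "HOME=/root", "LD_PRELOAD=/tmp/evil.so", "LD_DEBUG=all",
                    "PATH=/usr/bin", "LD_LIBRARY_PATH=/tmp", NULL };
    int secure = is_secure_mode();
    int removed = filter_unsecure_env(env, secure);
    printf("AT_SECURE=%d, removed %d variable(s)\n", secure, removed);
    for (char **e = env; *e != NULL; e++)
        printf("  %s\n", *e);
    printf("LD_DEBUG output allowed: %d\n",
           ld_debug_allowed(secure, "/etc/suid-debug"));
    return 0;
}
```

Run as a normal user the program reports AT_SECURE=0 and leaves the environment alone; only when the same binary is installed setuid (or carries file capabilities) does the kernel set AT_SECURE and the filtering path apply. The name match insists on the `=` after the variable name so that, for example, LD_DEBUG and LD_DEBUG_OUTPUT are handled as the distinct entries they are.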