
Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.os.linux.gentoo      Stupid OS you gotta compile EVERYTHING      17,684 messages   


   Message 15,769 of 17,684   
   Martin Vaeth to Martin Vaeth   
   Re: rpath and security   
   21 Aug 07 13:19:36   
   
   From: vaeth@mathematik.uni-wuerzburg.de   
      
   Martin Vaeth  wrote:   
   > Arthur Hagen  wrote:   
   >>   
   >> [great explanation about the security issue without -rpath]   
   >   
   > Thank you very much for the explanation. I have now really understood   
   > the problem for the first time.   
      
   Sorry for replying to myself, but after doing some further   
   investigation, I think now that the situation is actually different   
   than you had described:   
      
   It is true that with using -rpath you can be sure from where the libraries   
   were originally loaded.  However, there is no real gain in security in   
   using -rpath if your LD_LIBRARY_PATH environment and /etc/ld.so.conf   
   contain only secure paths (writable only by root). Indeed, in such a   
   case, only trusted libraries can be loaded: Libraries from other   
   paths will not be considered as loaded for your binary, either,   
   and if somebody was able to modify your LD_LIBRARY_PATH environment,   
   you have other problems anyway.   
      
   I think the real security issue with lazy linking is this:   
   Suppose e.g. you are running (as root) some program foo, using e.g.   
   parts of /lib/libc.so.6, but the complete library was not loaded yet.   
   Meanwhile $BAD_USER loads some other part of the library (of the same   
   original file, so -rpath won't help), but since *he* has loaded it,   
   I think he is allowed to modify it in memory. Now if your program foo   
   reaches a point where it calls the function $BAD_USER has modified,   
   $BAD_USER has practically gained root access...   
      
   So, unless you can convince me that one of the above claims was wrong,   
   I am afraid that I still have to recommend -Wl,-z,now   
   for security reasons...   
      
   > Is it possible to patch binaries/libraries to include corresponding   
   > -rpath's *after* they are created with ldd?   
      
   This question I can meanwhile also answer myself:   
   Yes, there is a tool called PatchELF: http://nix.cs.uu.nl/patchelf.html   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
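
The post's condition that LD_LIBRARY_PATH and /etc/ld.so.conf "contain only secure paths (writable only by root)" can be checked mechanically. The following is an added example, not part of the original message; it assumes one directory per line in ld.so.conf, checks only each directory itself (not its parents), and the `trusted_uid` parameter is a hypothetical knob for testing.

```python
import glob
import os
import stat

def parse_ld_so_conf(path="/etc/ld.so.conf"):
    """Directories named in an ld.so.conf-style file, following 'include' globs."""
    dirs = []
    try:
        with open(path) as fh:
            lines = fh.read().splitlines()
    except OSError:
        return dirs
    for line in lines:
        text = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not text:
            continue
        parts = text.split(None, 1)
        if parts[0] == "include" and len(parts) == 2:
            # relative include patterns are resolved next to the including file
            pattern = os.path.join(os.path.dirname(path), parts[1])
            for inc in sorted(glob.glob(pattern)):
                dirs.extend(parse_ld_so_conf(inc))
        else:
            dirs.append(text)
    return dirs

def audit_dir(d, trusted_uid=0):
    """Return a reason string if d is not writable only by trusted_uid, else None."""
    if not os.path.isabs(d):
        # an empty LD_LIBRARY_PATH element means the current working directory
        return "empty or relative entry (resolved against the current directory)"
    try:
        st = os.stat(d)
    except OSError:
        return "does not exist"
    if st.st_uid != trusted_uid:
        return f"owned by uid {st.st_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None

def audit_search_path(ld_library_path, conf_dirs, trusted_uid=0):
    """Map each insecure search-path entry to the reason it was flagged."""
    entries = (ld_library_path.split(":") if ld_library_path else []) + list(conf_dirs)
    return {d: r for d in entries if (r := audit_dir(d, trusted_uid))}

if __name__ == "__main__":
    found = audit_search_path(os.environ.get("LD_LIBRARY_PATH", ""), parse_ld_so_conf())
    for d, why in found.items():
        print(f"{d or '<empty>'}: {why}")
```
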
