Re: /lib/ld-2.2.4.so

From: Birger Toedtmann (birger@takatukaland.de)
Date: 04/23/02 

Date: Tue, 23 Apr 2002 08:37:34 +0200
From: Birger Toedtmann <birger@takatukaland.de>
To: Sabau Daniel <draven@UBBCluj.Ro>

Sabau Daniel schrieb am Mon, Apr 22, 2002 at 09:43:32AM +0300:
> or:
> lrwxrwxrwx 1 root root 11 Apr 15 12:01 /lib/ld-linux.so.2
> -> ld-2.2.4.so
>
> This file gives users the ability of running binaries on witch the
> user doesn't have the permission to execute, it is enough to have read
> ability on the file in order to execute it:
>
> -rwxr-xr-- 1 root root 45948 Aug 9 2001 /bin/ls
>
> but using the /lib/ld-2.2.4.so file i can execute the ls command:
>
> [08:51:36][draven@Zero:~]:$/lib/ld-2.2.4.so /bin/ls /
> bin bzImage bzImage3 bzImage5 dev home lib mnt proc sbin
> usr
> boot bzImage2 bzImage4 bzImage6 etc initrd misc opt root tmp
> var
>
> i do not have root preveleges on this account:
>
> [08:51:38][draven@Zero:~]:$id
> uid=1000(draven) gid=10(wheel) groups=10(wheel),16(trust)

I cannot reproduce this behaviour:

  # id
  uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

  # ls -l /bin/ls
  -rwxr-x--- 2 root root 45948 Aug 9 2001 /bin/ls

  # exit
  $ id
  uid=500(birger) gid=500(birger) groups=500(birger)

  $ ls
  bash: /bin/ls: Permission denied

  $ /lib/ld-2.2.4.so /bin/ls
  /bin/ls: error while loading shared libraries: /bin/ls: cannot open shared object file: Permission denied

  $ uname -r
  2.4.18

  $ cat /etc/redhat-release
  Red Hat Linux release 7.2 (Enigma)

So it has either something to do with the groups you're in (wheel?)
or grsececurity is doing something weird to your kernel - or its
both ;-) - which means, no, I don't have grsecurity in my kernel
setup. And be sure /lib/ld-2.2.4.so has no "s" bit set somewhere,
the default is 755.

Regards,

Birger

Relevant Pages

  • Re: /lib/ld-2.2.4.so
    ... > user doesn't have the permission to execute, it is enough to have read ... > ability on the file in order to execute it: ... > bin bzImage bzImage3 bzImage5 dev home lib mnt proc sbin ...
    (Vuln-Dev)
  • Re: yet another Forth: vmForth
    ... and MidLevel and HLL all Integrated in the Kernel. ... VM assembler and simulator from within the simulator for testing :-) ... higher level Forth constructs, like jz/jnz, lit, execute, call and jump. ... Compiles VM assembler mnemonics into the VM memory. ...
    (comp.lang.forth)
  • Re: [Full-Disclosure] Linux Exec Shield (was: Linux (in)security)
    ... > Speaking about kernel hardening, I was wondering if anyone on the list could ... > comment on Ingo Molnar's Exec Shield Linux kernel patches. ... Linux kernel you can execute any data inside a process's memory or overwrite ... From a security point of view ...
    (Full-Disclosure)
  • Re: /lib/ld-2.2.4.so
    ... >I tried this and it seemed to not work on my Linux system. ... >user doesn't have the permission to execute, it is enough to have read ... >bin bzImage bzImage3 bzImage5 dev home lib mnt proc sbin ... >noexec, lets take this partition: ...
    (Vuln-Dev)
  • Re: Hibernation considerations
    ... ACPI calls needed in the second and third cases above? ... be done from within a kexec'd hibernation kernel. ... * execute the _PTS global control method ...
    (Linux-Kernel)