[devel] suid binaries and ELF Auxiliary Vectors
Dmitry V. Levin
ldv at altlinux.org
Fri Sep 25 09:12:26 UTC 2009
On Fri, Sep 25, 2009 at 11:23:47AM +0300, Kirill A. Shutemov wrote:
> On Fri, Sep 25, 2009 at 11:15 AM, Kirill A. Shutemov
> <kirill ÎÁ shutemov.name> wrote:
> > 2009/9/25 Konstantin A. Lepikhov <lakostis ÎÁ unsafe.ru>:
> >> http://people.redhat.com/drepper/elftut1.ps -
> >
> > Thanks for link.
> >
> >> "The function create_elf_tables is responsible for
> >> creating the user stack which includes creating the auxiliary vector."
> >
> > Yep, I see. It really creates auxv on suid binaries. At least it reaches
> > copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t))
> > But still there is no auxv in userspace. :(
> >
>
> It seems problem is in glibc. When I compiled similar code with
> klibc, it works fine.
>
> Dmitry, could you comment it? Probably, it's security-related
> thing. What's the point?
Every ELF executable gets an auxv, but when glibc detects that the running
process is privileged, it mangles its environment and, besides all, sets
__libc_enable_secure variable to 1.
--
ldv
----------- ????????? ????? -----------
âÙÌÏ ÕÄÁÌÅÎÏ ×ÌÏÖÅÎÉÅ ÎÅ × ÔÅËÓÔÏ×ÏÍ ÆÏÒÍÁÔÅ...
éÍÑ : ÏÔÓÕÔÓÔ×ÕÅÔ
ôÉÐ : application/pgp-signature
òÁÚÍÅÒ : 197 ÂÁÊÔÏ×
ïÐÉÓÁÎÉÅ: ÏÔÓÕÔÓÔ×ÕÅÔ
Url : <http://lists.altlinux.org/pipermail/devel/attachments/20090925/48b8321e/attachment.bin>
More information about the Devel
mailing list