[Full-disclosure] DLL hijacking on Linux
Tim Brown
tmb at 65535.com
Wed Aug 25 10:58:27 BST 2010
On Wednesday 25 August 2010 10:38:37 Mihai Donțu wrote:
> man sudo(8):
> "Note that the dynamic linker on most operating systems will remove
> variables that can control dynamic linking from the environment of setuid
> executables, including sudo. Depending on the operating system this may
> include _RLD*, DYLD_*, LD_*, LDR_*, LIBPATH, SHLIB_PATH, and others. These
> type of variables are removed from the environment before sudo even begins
> execution and, as such, it is not possible for sudo to preserve them."
Absolutely, but in the case I gave, the path is set /by the script/, not
inherited from the original user. The script sets the dangerous path, but
since sudo hasn't changed the CWD it points at the directory the user running
sudo was in.
Tim
--
Tim Brown
<mailto:tmb at 65535.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100825/33240348/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.