Hi all, Fons Rademakers <Fons.Rademakers@cern.ch> wrote concerning [ROOT] missing libEvent [05 Dec 2002 16:22:29 +0100] ---------------------------------------------------------------------- > You should have one. Make sure that "." is in LD_LIBRARY_PATH. Having "." in ones LD_LIBRARY_PATH or PATH environment variables is a really bad idea. Witness this program: int main(int argc, char** argv) { pid_t pid = fork(); if (!pid) { // child while (true) { sleep(EVIL_SLP); std::cout << EVIL_MSG << getpid() << std::endl; } } else { // parent argv[0] = GOOD_LS; execv(GOOD_LS, argv); } return 0; } Compile this into an executable called `ls', and put that in the current directory. Then try to execute `ls' normally - you'll execute a Trojan horse. You can play the same trick with a library (a C source file): void _init() { pid_t pid; pid = fork(); setenv("LD_PRELOAD", EVIL_LIB); if (!pid) { // child while (1) { sleep(EVIL_SLP); printf("%s %d\n", EVIL_MSG, getpid()); } } else dlopen("/lib/libc.so.6", RTLD_LAZY); } Compile this code into a shared library called `libc.so.6' and put it in the current directory - now execute _any_ command and you'll execute a Trojan horse. [An aside, to make this into a shared library on GNU/Linux, you need to specify the flag `-nostdlib' to the linker] As you can see, it's not recommendable to have relative paths in either LD_LIBRARY_PATH or PATH - you will be vulnerable to Trojan horses. Note, that this is entirely a user mistake - not a SysOp or OS mistake. _Always_ use absolute paths! Yours, ___ | Christian Holm Christensen |_| | ------------------------------------------------------------- | | Address: Sankt Hansgade 23, 1. th. Phone: (+45) 35 35 96 91 _| DK-2200 Copenhagen N Cell: (+45) 24 61 85 91 _| Denmark Office: (+45) 353 25 305 ____| Email: cholm@nbi.dk Web: www.nbi.dk/~cholm | |
This archive was generated by hypermail 2b29 : Sat Jan 04 2003 - 23:51:22 MET