Hi all,
Fons Rademakers <Fons.Rademakers@cern.ch> wrote concerning
[ROOT] missing libEvent [05 Dec 2002 16:22:29 +0100]
----------------------------------------------------------------------
> You should have one. Make sure that "." is in LD_LIBRARY_PATH.
Having "." in ones LD_LIBRARY_PATH or PATH environment variables is a
really bad idea. Witness this program:
int main(int argc, char** argv)
{
pid_t pid = fork();
if (!pid) { // child
while (true) {
sleep(EVIL_SLP);
std::cout << EVIL_MSG << getpid() << std::endl;
}
}
else { // parent
argv[0] = GOOD_LS;
execv(GOOD_LS, argv);
}
return 0;
}
Compile this into an executable called `ls', and put that in the
current directory. Then try to execute `ls' normally - you'll execute
a Trojan horse.
You can play the same trick with a library (a C source file):
void _init() {
pid_t pid;
pid = fork();
setenv("LD_PRELOAD", EVIL_LIB);
if (!pid) { // child
while (1) {
sleep(EVIL_SLP);
printf("%s %d\n", EVIL_MSG, getpid());
}
}
else
dlopen("/lib/libc.so.6", RTLD_LAZY);
}
Compile this code into a shared library called `libc.so.6' and put it
in the current directory - now execute _any_ command and you'll
execute a Trojan horse.
[An aside, to make this into a shared library on GNU/Linux, you need
to specify the flag `-nostdlib' to the linker]
As you can see, it's not recommendable to have relative paths in
either LD_LIBRARY_PATH or PATH - you will be vulnerable to Trojan
horses. Note, that this is entirely a user mistake - not a SysOp or
OS mistake. _Always_ use absolute paths!
Yours,
___ | Christian Holm Christensen
|_| | -------------------------------------------------------------
| | Address: Sankt Hansgade 23, 1. th. Phone: (+45) 35 35 96 91
_| DK-2200 Copenhagen N Cell: (+45) 24 61 85 91
_| Denmark Office: (+45) 353 25 305
____| Email: cholm@nbi.dk Web: www.nbi.dk/~cholm
| |
This archive was generated by hypermail 2b29 : Sat Jan 04 2003 - 23:51:22 MET