At Sun, 26 Sep 2004 15:34:07 +0200, Ulf Härnhammar wrote:

> As you can see, you can make a program pause for several minutes with this
> technique. I'm not quite sure where the buffering comes from, if it's Perl or
> what. I suppose I should try this in some other language.
kill -SIGSTOP can also block the setuid program. So if your logic is applied,
an attacker can block the setuid program with a lot of kill -STOP trials.

> To sum up: LD_DEBUG prints lots of output, and that allows an attacker to
> perform timing critical security attacks (doing nasty things between
> operations like adding symlinks) by pausing a program at an arbitrary point.
> As suid/sgid programs are the most security critical, libc6 should ignore
> LD_DEBUG when running those.

BTW, if pausing symlinks causes a security problem, that program is broken
without LD_DEBUG.

Regards,
-- gotom
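The point made in the reply above, as an added example that is not part of the thread: a program that can be attacked by being paused between a check and a use is broken no matter how the pause is induced (kill -STOP, or an LD_DEBUG write blocking on a full pipe), and the fix is in the program, not in the pause. The `pause_hook` callback, the `open_racy`/`open_safe`/`run_demo` names, and the scratch files under `/tmp` are this example's own constructions; the attacker stand-in runs inside the hook exactly where a stopped process would be sitting.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for the program being paused between two operations, whether by
 * kill -STOP or by a write(2) of LD_DEBUG output blocking on a full pipe.
 * The attacker's action (here: planting a symlink) happens inside it. */
typedef void (*pause_hook)(const char *path);

/* Racy check-then-use: lstat says "regular file, not a symlink", then open()
 * follows whatever is at path by the time it runs. Pause it in between and
 * the check is worthless. */
int open_racy(const char *path, pause_hook paused)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (paused)
        paused(path);                 /* the window the attacker needs */
    return open(path, O_RDONLY);      /* follows a planted symlink */
}

/* Race-free form: refuse to follow symlinks at open time, then check the
 * object you actually hold. A pause anywhere cannot separate check and use. */
int open_safe(const char *path, pause_hook paused)
{
    if (paused)
        paused(path);                 /* same pause, no effect on correctness */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* fails with ELOOP on a symlink */
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo file the victim must never open (hypothetical path). */
static char g_target[256];

/* Attacker: while the victim is stopped, swap its input for a symlink to a
 * file it was never meant to open. */
static void attacker_plants_symlink(const char *path)
{
    unlink(path);
    symlink(g_target, path);
}

/* Runs one victim variant against the attacker. Returns 1 if the fd the
 * victim ends up holding refers to the protected target (attack succeeded),
 * 0 if the victim refused or opened the right file, -1 on setup failure. */
int run_demo(int use_safe)
{
    char dir[] = "/tmp/ldrace.XXXXXX";   /* constructed scratch directory */
    char victim_path[256];
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim_path, sizeof victim_path, "%s/input", dir);
    snprintf(g_target, sizeof g_target, "%s/secret", dir);

    int fd = open(g_target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    (void)write(fd, "secret\n", 7);
    close(fd);
    fd = open(victim_path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    (void)write(fd, "public\n", 7);
    close(fd);

    fd = use_safe ? open_safe(victim_path, attacker_plants_symlink)
                  : open_racy(victim_path, attacker_plants_symlink);
    int hit = 0;
    if (fd >= 0) {
        struct stat got, target;
        if (fstat(fd, &got) == 0 && stat(g_target, &target) == 0 &&
            got.st_dev == target.st_dev && got.st_ino == target.st_ino)
            hit = 1;                   /* victim is reading the secret */
        close(fd);
    }
    unlink(victim_path);
    unlink(g_target);
    rmdir(dir);
    return hit;
}

int main(void)
{
    printf("lstat-then-open victim, paused in between: attack %s\n",
           run_demo(0) == 1 ? "succeeded" : "failed");
    printf("O_NOFOLLOW+fstat victim, same pause:       attack %s\n",
           run_demo(1) == 1 ? "succeeded" : "failed");
    return 0;
}
```

The racy variant loses because its decision is made on a path that the attacker can re-point while it is stopped; the second variant makes its decision on the descriptor it already holds, so stopping it for a minute or a day changes nothing. Making the dynamic loader ignore LD_DEBUG for suid/sgid binaries takes one pausing tool away from the attacker, but as the reply notes, kill -STOP remains, so only the race-free form is actually a fix.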

