once again, this is a good example why this is an OS bug, not an each and every application. As always, it is a simply bad design and, as a result, contradictory guidelines under Windows.
-- fix the root of the problem. Sometimes, it's in DNA On 31 August 2010 10:30, Soh Kam Yung <[email protected]> wrote: > [ > http://threatpost.com/en_us/blogs/some-linux-distros-vulnerable-version-dll-hijacking-bug-082610 > ] > > ===== > Some Linux Distros Vulnerable to Version of DLL Hijacking Bug > by Dennis Fisher > > In the wake of all of the stories about the Windows DLL hijacking bug, > it appears that certain Linux distributions may be vulnerable to a > similar problem related to the way that Linux handles a specific > variable in some cases. The bug apparently was introduced via a Debian > patch last year. > [...] > The Linux dynamic linker makes use of a variable called > LD_LIBRARY_PATH which it consults when a binary is executed and which > takes precedence over the OS default as set in ld.so.conf. So where's > the problem? Consider the following script: > > #!/bin/sh > export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/app/lib > app start > > What happens if LD_LIBRARY_PATH isn't set? Well, in that case, the app > binary path is executed with an LD_LIBRARY_PATH of :/path/to/app/lib. > This may seem perfectly satisfactory, but here's the rub. When the > Linux dynamic linker sees a path with an empty directory specification > such as :/valid/path, /valid/path: or /valid::/path, it treats the > empty specification as $PWD. This could lead to a library being loaded > from the users current working directory but where might it be > exploitable. > [...] > However, security experts say the problem isn't on the same scale as > the DLL hijacking flaw and is far less worrisome. Dave Aitel, CTO of > Immunity, said that the Linux problem doesn't appear to be a direct > analog to the Windows DLL bug, which he characterized as a serious > flaw in the operating system, much like the Windows shatter attacks > from 2002. > [...] > ===== > -- > Soh Kam Yung > my Google Reader Shared links: > (http://www.google.com/reader/shared/16851815156817689753) > my Google Reader Shared SFAS links: > (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) > > _______________________________________________ > LUGS Mailing list - [email protected] > List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq > Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet > To unsubscribe send an empty email to: [email protected] > _______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
