Interesting glibc security tidbit: if you have an attack that can create arbitrary files, but not clobber existing ones or control contents, /etc/suid-debug could be a nice target.
-
Show this thread
-
Replying to @RichFelker @sortiecat
Yeah yet can one also set the permissions ? Or is such also optional ?
1 reply 0 retweets 0 likes -
Replying to @io_r_us @sortiecat
The only thing glibc checks is existence of the file. Perms don't matter. If it's there, you can use LD_DEBUG on suids, exposing a lot of additional attack surface.
1 reply 0 retweets 1 like -
Replying to @RichFelker @sortiecat
One of those red flags making people to run screaming into the BSD tentcamp
1 reply 0 retweets 2 likes -
Replying to @io_r_us @sortiecat
I don't understand how any of this ever got past basic common sense: "if suid, don't process any LD_* vars, at all, whatsoever".
2 replies 0 retweets 2 likes
musl version of this: https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c?id=v1.1.19#n1482 …pic.twitter.com/j2cbKRZGd0
10:43 AM - 5 Mar 2018
0 replies
2 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.