On Sun, 24 Oct 2010 21:48:39 -0500, Bruce Dubbs <bruce.du...@gmail.com> wrote: > Bryan Kadzban wrote: > >> Ah, I think I see. You have to put libbad.so into /lib64 (emulating >> libpcprofile), then set LD_AUDIT to just "libbad.so.0", with no path. >> At that point it works as expected (at least for me). (Though this is a >> multilib setup. But ping is 64-bit; on a single-bit-width system you >> should be able to just use /lib instead.) > > I don't understand this issue. Wouldn't you need root to add anything > to /lib64 (which should be a symlink to /lib on LFS)? If you can do > that, there are a lot of easier ways to get a root shell.
Well, libpcprofile.so is already there on our builds, and is a proven attack vector! Regards, Matt. -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
