> 2014-02-17 20:48 GMT+01:00 Miod Vallat <m...@online.fr>:
>>> Attacks with LD_PRELOAD are very old and can
>>> be performed on any OS where you have dynamic linking (Linux, *BSD
>>> etc.), so yes, OpenBSD is "vulnerable" to this type of stuff.
>>
>> You forgot to mention that the value of LD_PRELOAD is ignored for set*id
>> executables, in order to prevent this kind of game.
>
> thx, I wasn't sure of this, but it's good to hear that.
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ld.so/loader.c?rev=1.147;content-type=text%2Fplain
>
> from loader.c
>
> /*
>  * Don't allow someone to change the search paths if he runs
>  * a suid program without credentials high enough.
>  */
> _dl_trust = !_dl_issetugid();
> if (!_dl_trust) {	/* Zap paths if s[ug]id... */
>         if (_dl_libpath) {
>                 _dl_free_path(_dl_libpath);
>                 _dl_libpath = NULL;
>                 _dl_unsetenv("LD_LIBRARY_PATH", envp);
>         }
>         if (_dl_preload) {
>                 _dl_preload = NULL;
>                 _dl_unsetenv("LD_PRELOAD", envp);
>         }
> }
>
> It actually should reduce the risk for set*id(), but wasn't this in the past
> related to CVE-2006-6164 (_dl_unsetenv())?
>
> Daniel
Daniel, you are coming off like a KOOK. So basically, we are "vulnerable", even though the shared library linker code has been doing this since before we switched over to using it, from before a.out. Apparently the "magic quotes" around "vulnerable" are designed to make it so that you can get away with lying. We are not vulnerable. You are spreading misinformation. This is beyond misinforming, you are LYING.
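As an added illustration of the policy in the quoted loader.c excerpt (this is example code, not OpenBSD's ld.so), the following portable C scrubs LD_LIBRARY_PATH and LD_PRELOAD out of an envp array when the process is not trusted. The trust flag is passed in by the caller (ld.so derives it from _dl_issetugid()); the function names, the sample environment and its duplicated LD_PRELOAD entry are constructed for the example, and the point of the duplicate is that a scrubber must remove every copy of a variable, not just the first one it meets.

```c
#include <string.h>
/* Remove every "NAME=..." entry from the NULL-terminated envp array in
 * place and return how many were removed.  Every copy goes: a scrubber
 * that stopped at the first match would hand a second copy to the loader. */
int scrub_env(char **envp, const char *name)
{
    size_t len = strlen(name);
    int removed = 0;
    char **src, **dst = envp;
    for (src = envp; *src != NULL; src++) {
        if (strncmp(*src, name, len) == 0 && (*src)[len] == '=') {
            removed++;          /* drop this entry */
            continue;
        }
        *dst++ = *src;          /* keep it, compacting the array */
    }
    *dst = NULL;
    return removed;
}

/* The decision from the quoted loader.c snippet: a trusted process keeps
 * its environment; a set-id one loses the variables that pick objects.
 * The caller supplies 'trusted' (ld.so derives it from _dl_issetugid()). */
int drop_untrusted_vars(char **envp, int trusted)
{
    static const char *const vars[] = { "LD_LIBRARY_PATH", "LD_PRELOAD" };
    int removed = 0;

    if (trusted)
        return 0;
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++)
        removed += scrub_env(envp, vars[i]);
    return removed;
}

/* Constructed sample environment with a duplicated LD_PRELOAD, scrubbed as
 * if set-id.  Returns entries removed, or -1 if any LD_* entry survived. */
int demo_scrub(void)
{
    char *env[] = { "PATH=/bin", "LD_PRELOAD=/tmp/a.so", "HOME=/root",
                    "LD_LIBRARY_PATH=/tmp", "LD_PRELOAD=/tmp/b.so", NULL };
    int removed = drop_untrusted_vars(env, 0);

    for (char **p = env; *p != NULL; p++)
        if (strncmp(*p, "LD_", 3) == 0)
            return -1;
    return removed;
}
```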