[Gllug] Limiting SSH access
Nix
nix at esperi.demon.co.uk
Mon Apr 7 22:33:19 UTC 2003
On Mon, 7 Apr 2003, Richard W. M. Jones said:
> On Sun, Apr 06, 2003 at 11:16:09PM +0100, Nix wrote:
>> On Thu, 3 Apr 2003, Richard W. M. Jones spake:
>> > On the project I mentioned in the earlier email we mounted /home
>> > with the 'noexec' flag so users couldn't execute anything from it!
>>
>> This is useless as long as the user can get at the glibc dynamic loader
>> (which very likely he can):
>>
>> ,----
>> | nix at hades ~ % ./foo
>> | zsh: ./foo: Permission denied
>> | nix at hades ~ % /lib/ld-linux.so.2 ./foo
>> | Hello world
>> `----
>
> Ouch :-)
Bloody useful, that is, when you've fscked up your ELF interpreter.
> That looks like another ELF bug worthy of bugtraq.
It's a feature, apparently.
I'm not sure whether ld-linux.so.2 actually needs to accept a filename
as argv[1]...
[checks ELF spec and glibc source]
... no, it doesn't need to, and in normal use it doesn't come in that
way at all. elf/rtld.c has a strategically located comment:
/* Ho ho. We are not the program interpreter! We are the program
itself! This means someone ran ld.so as a command. Well, that
might be convenient to do sometimes. We support it by
interpreting the args like this:
ld.so PROGRAM ARGS...
The first argument is the name of a file containing an ELF
executable we will load and run with the following arguments.
To simplify life here, PROGRAM is searched for using the
normal rules for shared objects, rather than $PATH or anything
like that. We just load it and use its entry point; we don't
pay attention to its PT_INTERP command (we are the interpreter
ourselves). This is an easy way to test a new ld.so before
installing it. */
It's also useful to get out of the shit, and when working on chrooted
installations of libcs without chrooting in there, &c, &c. glibc's
build and test process uses this heavily.
--
#ifdef USE_ISPTS_FLAG
} else { /* else pty, not pts */
#endif
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list