[Gllug] Limiting SSH access

Nix nix at esperi.demon.co.uk
Mon Apr 7 22:33:19 UTC 2003


On Mon, 7 Apr 2003, Richard W. M. Jones said:
> On Sun, Apr 06, 2003 at 11:16:09PM +0100, Nix wrote:
>> On Thu, 3 Apr 2003, Richard W. M. Jones spake:
>> > On the project I mentioned in the earlier email we mounted /home
>> > with the 'noexec' flag so users couldn't execute anything from it!
>> 
>> This is useless as long as the user can get at the glibc dynamic loader
>> (which very likely he can):
>> 
>> ,----
>> | nix at hades ~ % ./foo
>> | zsh: ./foo: Permission denied
>> | nix at hades ~ % /lib/ld-linux.so.2 ./foo
>> | Hello world
>> `----
> 
> Ouch :-)

Bloody useful, that is, when you've fscked up your ELF interpreter.

> That looks like another ELF bug worthy of bugtraq.

It's a feature, apparently.

I'm not sure whether ld-linux.so.2 actually needs to accept a filename
as argv[1]...

[checks ELF spec and glibc source]

... no, it doesn't need to, and in normal use it doesn't come in that
way at all. elf/rtld.c has a strategically located comment:

      /* Ho ho.  We are not the program interpreter!  We are the program
         itself!  This means someone ran ld.so as a command.  Well, that
         might be convenient to do sometimes.  We support it by
         interpreting the args like this:

         ld.so PROGRAM ARGS...

         The first argument is the name of a file containing an ELF
         executable we will load and run with the following arguments.
         To simplify life here, PROGRAM is searched for using the
         normal rules for shared objects, rather than $PATH or anything
         like that.  We just load it and use its entry point; we don't
         pay attention to its PT_INTERP command (we are the interpreter
         ourselves).  This is an easy way to test a new ld.so before
         installing it.  */

It's also useful to get out of the shit, and when working on chrooted
installations of libcs without chrooting in there, &c, &c. glibc's
build and test process uses this heavily.

-- 
#ifdef USE_ISPTS_FLAG
		} else {	/* else pty, not pts */
#endif

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
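
An added detection example, not part of the original message or of glibc: it scans auditd records for an execve whose executable is the dynamic loader itself (the "ld.so PROGRAM ARGS..." form quoted above) and reports whether PROGRAM sits on a noexec mount. The audit lines, mount table and loader name patterns are constructed for illustration, and the SYSCALL/EXECVE/CWD record layout is simplified.

```python
import posixpath, re
from fnmatch import fnmatchcase

LOADERS = ("ld-linux*.so*", "ld.so*", "ld64.so*")  # assumed loader basenames
MOUNTS = """/dev/hda1 / ext3 rw 0 0
/dev/hda3 /home ext3 rw,noexec,nosuid 0 0"""  # constructed /proc/mounts content
AUDIT = """type=SYSCALL msg=audit(1049754700.1:41): syscall=11 success=yes exe="/bin/ls"
type=EXECVE msg=audit(1049754700.1:41): argc=1 a0="ls"
type=SYSCALL msg=audit(1049754799.2:42): syscall=11 success=yes exe="/lib/ld-linux.so.2"
type=EXECVE msg=audit(1049754799.2:42): argc=2 a0="/lib/ld-linux.so.2" a1="./foo"
type=CWD msg=audit(1049754799.2:42): cwd="/home/nix"
type=SYSCALL msg=audit(1049754801.7:43): syscall=11 success=yes exe="/lib/ld-linux.so.2"
type=EXECVE msg=audit(1049754801.7:43): argc=2 a0="ld.so" a1=2F6F70742F6D7920746F6F6C"""  # constructed

def decode(raw):
    """auditd quotes plain strings and hex-encodes ones with spaces or specials."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def on_noexec(path, mounts):
    """True if the most specific mount point containing path has the noexec option."""
    best = ("", "")
    for row in (l.split() for l in mounts.splitlines()):
        inside = len(row) > 3 and (path + "/").startswith(row[1].rstrip("/") + "/")
        if inside and len(row[1]) > len(best[0]):
            best = (row[1], row[3])
    return "noexec" in best[1].split(",")

def loader_execs(audit, mounts):
    """Return (event id, PROGRAM path, on_noexec) for each exec of the loader as a command."""
    events = {}
    for m in re.finditer(r"msg=audit\([\d.]+:(\d+)\):(.*)", audit):  # group records by event id
        events.setdefault(m[1], {}).update(dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m[2])))
    hits = []
    for eid, f in events.items():
        exe = posixpath.basename(decode(f.get("exe", '""')))  # exe, not argv[0], which is caller-chosen
        if not any(fnmatchcase(exe, g) for g in LOADERS):
            continue
        # PROGRAM is the first non-option argument (loader options that take a value are not handled).
        args = [decode(f.get(f"a{i}", '""')) for i in range(1, int(f.get("argc", "1")))]
        prog = next((a for a in args if not a.startswith("-")), None)
        if prog:
            path = posixpath.normpath(posixpath.join(decode(f.get("cwd", '"/"')), prog))
            hits.append((eid, path, on_noexec(path, mounts)))
    return hits
```

Later Linux kernels refuse to map a file from a noexec mount as executable, so the loader fails to start PROGRAM there; the execve of the loader still appears in the audit trail and is worth alerting on.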