Secuirty issues with LD_LIBRARY_PATH & SHLIB_PATH

Jayesh shah · ‎02-03-2002

Hi All,
I found some libraries on IA machines have LD_LIBRARY_PATH & SHLIB_PATH enabled.
Does this give rise to any security problems and can any one misuse this?
=================================
# chatr libIDMawrt.so.1
libIDMawrt.so.1:
32-bit ELF shared library
shared library dynamic path search:
LD_LIBRARY_PATH enabled first
SHLIB_PATH enabled second
embedded path enabled third Not Defined
shared vtable support disabled
segments:
index type address flags size
4 text 04000000 z---c D (default)
5 data 40000000 ---m- D (default)
kernel assisted branch prediction enabled
lazy swap allocation for dynamic segments disabled
===================================

Thanks
Jayesh

Volker Borowski · ‎02-04-2002

Hello,

in general: yes there are risks with the use of LD_LIBRARAY_PATH and SHLIB_PATH.
In fact to use this, deep knowledge of the application is required.

I.e. if an application uses a shared library that gets a secret parameter, you can fake the libpath, let the program jump to an own libraray and evaluate the parameter.

There are special options to "ld", to create executables to prevent faking shared libs. I.e. any software with such features should create these critical routines with a static link option or a dynamic lib section that uses fixed search path settings.

See "man dld.sl" and "man ld" for additional info.

In addition, depending on the OS, additional rules may apply, if the program is set suid. See "man ld.so.1" on Solaris i.e.

Volker

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Secuirty issues with LD_LIBRARY_PATH & SHLIB_PATH

Secuirty issues with LD_LIBRARY_PATH & SHLIB_PATH

Re: Secuirty issues with LD_LIBRARY_PATH & SHLIB_PATH