[MPlayer-users] vidix without being root or suid bit?

D Richard Felker III dalias at aerifal.cx
Wed Sep 18 00:32:01 CEST 2002 

On Tue, Sep 17, 2002 at 10:44:13PM +0200, Alessandro Selli wrote:
> [Automatic answer: RTFM (read DOCS, FAQ), also read DOCS/bugreports.html]
> Il giorno Tue, Sep 17, 2002 at 06:29:32PM +0000, Diego Zuccato così ha scritto:
> |From: Diego Zuccato <diego at otello.alma.unibo.it>
> |X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.18 i686)
> |To: mplayer-users at mplayerhq.hu
> |Subject: Re: [MPlayer-users] vidix without being root or suid bit?
> |Date: Tue, 17 Sep 2002 18:29:32 +0000
> |
> |
> |So that only root and users in group ndk (I'm the only one :-) ) can run
> |it...
> |
> 
>   Would you think yourself secure just because you set an executable's exec
> flag off, please consider this:
> 
> ambapali at tanatos ~$ ls -l /bin/ls
> -rwxr-xr-x    1 root     root        43784 Mar 18  2002 /bin/ls
> ambapali at tanatos ~$ su -c "chmod a-x /bin/ls"
> Password: 
> ambapali at tanatos ~$ ls -l /bin/ls
> bash: /bin/ls: Permission denied
> ambapali at tanatos ~$ /lib/ld-linux.so.2 /bin/ls
> Backup               Varie                      mimeinstall.results
> Claritas             bash-configuratio.tar.bz2  ns_imap
> GNUstep              bin                        nsmail
> GuerraJugoslava.txt  configurazione_pine        openssh-3.4p1.tar.gz
> Linux-doc            desktop                    plugininstall.results
> Musica               floppy                     poff
> News                 forth.tar.gz               pon
> Note-Rete.tar.bz2    hosts.allow                ppp.tgz
> OpenOffice.org1.0    immagini                   programma.html
> Posta                index.html                 slrnrc-conv.txt
> Preferenze           internet                   src
> Programmi            jedrc_vecchio              tmp
> Software             lug-out                    www.hardwarebook.net
> Tecnica              lynx
> Testi                masterizza.sh
> 
>   On Debian Woody ld-linux.so.2 is a link to ld-2.2.5.so .
>   This also works on partitions/devices (like floppies) mounted with the
> "noexec" flag.

That is nonsense. If you run the suid-root mplayer with
/lib/ld-linux.so.2 /path/to/mplayer, the suid bit will ***NOT*** be
honored, since you are exec'ing /lib/ld-linux.so.2 (which is not suid)
as opposed to /path/to/mplayer (which is). Learn a little about unix
before posting such silliness.

Of course if the binary is not suid (as in your example) it's even
stupider, since someone who wants to run it can just make their own
copy with cp and then run it.

Rich

More information about the MPlayer-users mailing list