[MPlayer-users] vidix without being root or suid bit?
D Richard Felker III
dalias at aerifal.cx
Wed Sep 18 00:32:01 CEST 2002
On Tue, Sep 17, 2002 at 10:44:13PM +0200, Alessandro Selli wrote:
> [Automatic answer: RTFM (read DOCS, FAQ), also read DOCS/bugreports.html]
> On Tue, Sep 17, 2002 at 06:29:32PM +0000, Diego Zuccato wrote:
> |From: Diego Zuccato <diego at otello.alma.unibo.it>
> |X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.18 i686)
> |To: mplayer-users at mplayerhq.hu
> |Subject: Re: [MPlayer-users] vidix without being root or suid bit?
> |Date: Tue, 17 Sep 2002 18:29:32 +0000
> |
> |
> |So that only root and users in group ndk (I'm the only one :-) ) can run
> |it...
> |
>
> Should you think yourself secure just because you set an executable's exec
> flag off, please consider this:
>
> ambapali at tanatos ~$ ls -l /bin/ls
> -rwxr-xr-x 1 root root 43784 Mar 18 2002 /bin/ls
> ambapali at tanatos ~$ su -c "chmod a-x /bin/ls"
> Password:
> ambapali at tanatos ~$ ls -l /bin/ls
> bash: /bin/ls: Permission denied
> ambapali at tanatos ~$ /lib/ld-linux.so.2 /bin/ls
> Backup Varie mimeinstall.results
> Claritas bash-configuratio.tar.bz2 ns_imap
> GNUstep bin nsmail
> GuerraJugoslava.txt configurazione_pine openssh-3.4p1.tar.gz
> Linux-doc desktop plugininstall.results
> Musica floppy poff
> News forth.tar.gz pon
> Note-Rete.tar.bz2 hosts.allow ppp.tgz
> OpenOffice.org1.0 immagini programma.html
> Posta index.html slrnrc-conv.txt
> Preferenze internet src
> Programmi jedrc_vecchio tmp
> Software lug-out www.hardwarebook.net
> Tecnica lynx
> Testi masterizza.sh
>
> On Debian Woody ld-linux.so.2 is a link to ld-2.2.5.so .
> This also works on partitions/devices (like floppies) mounted with the
> "noexec" flag.

That is nonsense. If you run the suid-root mplayer with
/lib/ld-linux.so.2 /path/to/mplayer, the suid bit will ***NOT*** be
honored, since you are exec'ing /lib/ld-linux.so.2 (which is not suid)
as opposed to /path/to/mplayer (which is). Learn a little about unix
before posting such silliness.

Of course if the binary is not suid (as in your example) it's even
stupider, since someone who wants to run it can just make their own
copy with cp and then run it.

Rich
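
The following is an added example, not part of the original thread: a small Python audit that turns the two points above into a check, classifying what each permission class can really do with a binary (run it directly, with setuid/setgid applied, or only run its code unprivileged from a copy or through the loader). The function names are hypothetical, and the model assumes plain mode bits only, ignoring ACLs, mount options and root's override.

```python
import os
import stat

CLASSES = (("owner", stat.S_IRUSR, stat.S_IXUSR),
           ("group", stat.S_IRGRP, stat.S_IXGRP),
           ("other", stat.S_IROTH, stat.S_IXOTH))

def effective_run_access(mode):
    """Map each permission class to what it can really do with a binary."""
    privileged = bool(mode & (stat.S_ISUID | stat.S_ISGID))
    access = {}
    for name, rbit, xbit in CLASSES:
        if mode & xbit:
            # Direct execve(): the only path on which setuid/setgid applies.
            access[name] = "exec-privileged" if privileged else "exec"
        elif mode & rbit:
            # Readable, not executable: runnable from a private copy or via
            # the dynamic loader, but only with the caller's own IDs.
            access[name] = "copy-or-loader"
        else:
            access[name] = "none"
    return access

def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == b"\x7fELF"
    except OSError:
        return False

def audit_tree(root):
    """Return {path: [classes]} for ELF files whose withheld x bit is
    undone by a read bit granted to the same class."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not is_elf(path):
                continue
            weak = [cls for cls, how in effective_run_access(st.st_mode).items()
                    if how == "copy-or-loader"]
            if weak:
                findings[path] = weak
    return findings

if __name__ == "__main__":
    # Constructed modes: /bin/ls after "chmod a-x", and a setuid 4750 binary.
    for mode in (0o644, 0o4750):
        print(oct(mode), effective_run_access(mode))
```

A mode such as 4750 reports "none" for other users, which is what actually keeps the binary away from them; withholding only the x bit does not.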