Is it a security problem that I can trick applications into thinking I'm someone else by using LD_PRELOAD to load a library that overrides getuid and geteuid?
I found this trick to work on a 3rd party application that lets you log in without a password if a username exists in the system that matches the OS's username.
This trick, however, does not work, for example, when using ls to try to see the contents of a folder with permissions 700.
So is there a better way for applications to tell who is running them than to trust the value returned from getuid (as it can be overridden)? I'd like to report the problem to the application vendor with a suggested fix.
Quote:
Is it a security problem that I can trick applications into thinking I'm someone else by using LD_PRELOAD to load a library that overrides getuid and geteuid?
I'd say any mechanism that allows you to authenticate as someone you're not represents a security problem.
Quote:
Originally Posted by eric.frederich
So is there a better way for applications to tell who is running them than to trust the value returned from getuid (as it can be overridden)? I'd like to report the problem to the application vendor with a suggested fix.
At this point I'm mainly curious about why your "workaround" is effective on the third-party app only. Have you tried writing a simple program to confirm that getuid() and geteuid() are tricked in this way?
Quote:
Is it a security problem that I can trick applications into thinking I'm someone else by using LD_PRELOAD to load a library that overrides getuid and geteuid?
I'm not sure what you mean. You can create a fake library that tells the application that it's running under a different user account, but that doesn't mean that it's actually running under that account as far as the OS is concerned.
Quote:
At this point I'm mainly curious about why your "workaround" is effective on the third-party app only. Have you tried writing a simple program to confirm that getuid() and geteuid() are tricked in this way?
Sample program: test.c
Compile with gcc -o test test.c
Quote:
I'm not sure what you mean. You can create a fake library that tells the application that it's running under a different user account, but that doesn't mean that it's actually running under that account as far as the OS is concerned.
Exactly. This would be why I can't use this trick to run the ls command on a directory I don't have access to... because I'm not fooling the OS.
I am, however, fooling the application, and I'm wondering if there is a better way for the application to check the ID rather than just trusting the returned value of getuid.
Good one. But isn't it still possible to bypass this by debugging the program being launched?
It looks like there are routines for attaching to a process, debugging it and modifying its memory.
You could also just run it in a VM. The app can always be fooled by just being able to obtain a copy of it. The OS can't without root/physical access.
Your app really need only trust what the OS/launch environment is telling it. If the binary itself contains some secret and a malicious user gets a copy of it to run so as to trick it to reveal the secret when running, they can also just extract the secret without usual execution. If it's an app that accesses some secret stored elsewhere, it's just a client, and you defer to server-side authentication.