LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-24-2007, 04:39 AM   #1
avallach
Member
 
Registered: Sep 2006
Location: Silesia
Distribution: Debian GNU/Linux 4.0, ArchLinux, OpenBSD
Posts: 190
Blog Entries: 2

Rep: Reputation: 31
LibSafe - what happened ?


Hey...
I haven't used this thing for a long time and yesterday I tried it on my Debian Etch and somehow it couldn't stop even it's own test exploits...
As I looked deeper on to libsafe WebPage it stays
Quote:
Version 2.0 (stable) released on 2001-03-21
Is this project completely dead ?
 
Old 01-24-2007, 06:53 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Code:
/lib/ld-linux.so.2 ./t1 2>/dev/null < /usr/bin/yes 
This program tries to use strcpy() to overflow the buffer.
If you get a /bin/sh prompt, then the exploit has worked.
Killed

I tried it on my Debian Etch and somehow it couldn't stop even it's own test exploits.
Could you post in detail what you exactly did?
 
Old 01-24-2007, 07:05 AM   #3
avallach
Member
 
Registered: Sep 2006
Location: Silesia
Distribution: Debian GNU/Linux 4.0, ArchLinux, OpenBSD
Posts: 190

Original Poster
Blog Entries: 2

Rep: Reputation: 31
I installed it by make; make install
then
Code:
LD_PRELOAD=/lib/libsafe.so.2
export LD_PRELOAD
I moved to the exploits directory and tried a few of them by typing just
Code:
./t1
or
Code:
./int.sh t1
as it was suggested in the documentation.
 
Old 01-24-2007, 07:17 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
And the output was what?
 
Old 01-24-2007, 07:24 AM   #5
avallach
Member
 
Registered: Sep 2006
Location: Silesia
Distribution: Debian GNU/Linux 4.0, ArchLinux, OpenBSD
Posts: 190

Original Poster
Blog Entries: 2

Rep: Reputation: 31
the big /bin/sh prompt of course :
Code:
This program tries to use strcpy() to overflow the buffer.
If you get a /bin/sh prompt, then the exploit has worked.
Press any key to continue...
sh-3.1$
 
Old 01-24-2007, 07:53 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
OK. Hmm. There are some ways to bypass Libsafe like using -fomit-frame-pointer.
Oh well, then you'll just have to run a GRSecurity+RBAC+PAX kernel... ;-p
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
help: libsafe install problem peck2006 Linux - Software 1 04-24-2006 06:18 PM
Libsafe EAD Linux - Security 4 03-26-2006 08:13 AM
what the *** happened here? wijnands Linux - Security 2 10-19-2004 02:25 AM
suddenly having ftp login problems since i downgraded libsafe so i could add sites Amaris4GOW Linux - General 2 04-09-2004 01:07 PM
what happened? chief Linux - Software 8 08-04-2003 11:19 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration