08-28-2010, 04:07 PM   #1
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Some Linux Distros Vulnerable to Version of DLL Hijacking Bug

In the wake of all of the stories about the Windows DLL hijacking bug, it appears that certain Linux distributions may be vulnerable to a similar problem related to the way that Linux handles a specific variable in some cases. The bug apparently was introduced via a Debian patch last year.

The discussion on the possible bug in Linux began with a blog post by Tim Brown, a UK-based security researcher, who detailed a specific case in which Linux could be vulnerable to an attack similar to those designed to exploit the Windows DLL bug. The post spawned a related discussion on the Full-Disclosure mailing list, in which several others confirmed that they'd seen the problematic behavior in certain Linux distributions, including Fedora, Ubuntu and Debian.
08-28-2010, 10:49 PM   #2
LQ Guru
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019

From the article:
The Linux dynamic linker makes use of a variable called LD_LIBRARY_PATH which it consults when a binary is executed and which takes precedence over the OS default as set in So where's the problem? Consider the following script:

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/app/lib
app start

What happens if LD_LIBRARY_PATH isn't set? Well, in that case, the app binary path is executed with an LD_LIBRARY_PATH of :/path/to/app/lib. This may seem perfectly satisfactory, but here's the rub. When the Linux dynamic linker sees a path with an empty directory specification such as :/valid/path, /valid/path: or /valid::/path, it treats the empty specification as $PWD. This could lead to a library being loaded from the user's current working directory, but where might it be exploitable?

Frankly, I have some doubts whether this is true. I think that the whole LD_LIBRARY_PATH has been abolished in Ubuntu. If you search the internet, you will find plenty of evidence that setting LD_LIBRARY_PATH does not work anymore; you have to add a new script to /etc/ instead. In short, that news is completely outdated, although it does affect more conservative distros that haven't upgraded to the new approach yet (ironically, those distros are often presented as being more secure...).

The DLL issue has been known for many, many months. Some clever minds must have figured out that Linux could have a similar weakness and that it had better be dealt with immediately.

Last edited by jay73; 08-28-2010 at 11:01 PM.
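
Added example, not part of either post or the quoted article: a shell sketch of the empty-entry case the article describes, showing the quoted append idiom beside a form that never produces an empty element, plus a check for the three patterns it lists. The function names are hypothetical and /path/to/app/lib is the placeholder from the quoted script.

```shell
#!/bin/sh
# Added example; function names are hypothetical, /path/to/app/lib is the
# placeholder used in the quoted script.

# Idiom from the quoted script: yields ":/dir" when the variable is unset.
unsafe_append() { printf '%s\n' "$1:$2"; }

# Succeeds if a search path has an empty element (":/a", "/a:", "/a::/b"),
# the forms the quoted article says are treated as $PWD.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the path with empty elements removed. The body is a subshell, so the
# IFS and noglob changes do not leak into the caller.
strip_empty_entries() (
    IFS=:
    set -f
    out=
    for entry in $1; do
        [ -n "$entry" ] || continue
        out="${out:+$out:}$entry"
    done
    printf '%s\n' "$out"
)

# Append a directory without ever creating an empty element: the separator
# is emitted only when the cleaned existing value is non-empty.
safe_append() {
    cleaned=$(strip_empty_entries "$1")
    printf '%s\n' "${cleaned:+$cleaned:}$2"
}

# Demo on a constructed input: an empty value stands in for an unset
# LD_LIBRARY_PATH, the case the article describes.
current=""
for fn in unsafe_append safe_append; do
    result=$("$fn" "$current" /path/to/app/lib)
    if has_empty_entry "$result"; then verdict="empty entry"; else verdict="ok"; fi
    printf '%-14s -> %s (%s)\n' "$fn" "$result" "$verdict"
done
```

In a wrapper script the same effect comes from writing the export as `${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/path/to/app/lib`, which omits the colon when the variable is unset or empty.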


All times are GMT -5.