Some Linux Distros Vulnerable to Version of DLL Hijacking Bug
Quote:
In the wake of all of the stories about the Windows DLL hijacking bug, it appears that certain Linux distributions may be vulnerable to a similar problem related to the way that Linux handles a specific variable in some cases. The bug apparently was introduced via a Debian patch last year.
The discussion on the possible bug in Linux began with a blog post by Tim Brown, a UK-based security researcher, who detailed a specific case in which Linux could be vulnerable to an attack similar to those designed to exploit the Windows DLL bug. The post spawned a related discussion on the Full-Disclosure mailing list, in which several others confirmed that they'd seen the problematic behavior in certain Linux distributions, including Fedora, Ubuntu and Debian.
The Linux dynamic linker makes use of a variable called LD_LIBRARY_PATH which it consults when a binary is executed and which takes precedence over the OS default as set in ld.so.conf. So where's the problem? Consider the following script:
#!/bin/sh
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/app/lib
app start

What happens if LD_LIBRARY_PATH isn't set? Well, in that case, the app binary path is executed with an LD_LIBRARY_PATH of :/path/to/app/lib. This may seem perfectly satisfactory, but here's the rub. When the Linux dynamic linker sees a path with an empty directory specification such as :/valid/path, /valid/path: or /valid::/path, it treats the empty specification as $PWD. This could lead to a library being loaded from the user's current working directory, but where might it be exploitable?
Frankly, I have some doubts whether this is true. I think that the whole LD_LIBRARY_PATH has been abolished in Ubuntu. If you search the internet, you will find plenty of evidence that setting LD_LIBRARY_PATH does not work anymore; you have to add a new script to /etc/ld.so.d instead. In short, that news is completely outdated, although it does affect more conservative distros that haven't upgraded to the new approach yet (ironically, those distros are often presented as being more secure...).
The DLL issue has been known for many, many months. Some clever minds must have figured out that Linux could have a similar weakness and that it had better be dealt with immediately.
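The wrapper-script pattern from the quoted article, next to a guarded form and a check for empty path elements, as an added example that is not part of the article or of any post in this thread. The function names (has_empty_element, naive_append, safe_append, scan_wrapper) and the /opt/lib sample value are made up for illustration.

```shell
#!/bin/sh
# Added example: audit and avoid empty LD_LIBRARY_PATH elements.

# Return 0 if a colon-separated search path contains an empty element
# (leading ":", trailing ":" or "::"), which the quoted article says the
# dynamic linker treats as $PWD.
has_empty_element() {
    case "$1" in
        '')         return 1 ;;   # nothing set, nothing to flag
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# The pattern from the quoted script: blind concatenation.
# $1 = current value (may be empty), $2 = directory to add
naive_append() {
    printf '%s\n' "$1:$2"
}

# Guarded form: emit the separator only when the current value is non-empty.
safe_append() {
    printf '%s\n' "${1:+$1:}$2"
}

# Print the lines of a wrapper script that append to LD_LIBRARY_PATH with no
# guard, i.e. LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<dir>. A ":+" or ":-" guard
# right after the variable name does not match.
scan_wrapper() {
    grep -nE 'LD_LIBRARY_PATH="?\$\{?LD_LIBRARY_PATH\}?:[^-+=?]' "$1"
}

# Constructed sample values: unset, clean, and already carrying a trailing colon.
for current in "" "/opt/lib" "/opt/lib:"; do
    for joined in "$(naive_append "$current" /path/to/app/lib)" \
                  "$(safe_append "$current" /path/to/app/lib)"; do
        if has_empty_element "$joined"; then verdict="EMPTY ELEMENT"; else verdict="ok"; fi
        printf '%-40s %s\n' "$joined" "$verdict"
    done
done
```

The last sample shows that the guarded append does not repair a value that was already malformed when inherited, so has_empty_element is still worth running on the final result.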