ld-elf.so Local DoS Vulnerability or not
We have found an interesting feature in the FreeBSD run-time link editor (rtld), which links dynamic executables with their needed libraries at run time.
The ld-elf.so.1 utility itself is loaded by the kernel together with any dynamically-linked program that is to be executed. The kernel transfers control to the dynamic linker. After the dynamic linker has finished loading, relocating, and initializing the program and its required shared objects, it transfers control to the entry point of the program.
It also has an executable flag, so let’s try to execute it.
Results:
FreeBSD 6.3.x:
$ /libexec/ld-elf.so.1
bash: /libexec/ld-elf.so.1: cannot execute binary file
$
FreeBSD 7.x:
$ /libexec/ld-elf.so.1
(no return)
Turns out the ld-elf.so keeps loading itself over and over, maxing out a cpu core while doing so. I had to enforce a cputime limit in login.conf so funny users won’t be able to profit from their discovery.
A fix isn’t likely as it looks like this is just one of those things you shouldn’t do
Posted 2010/02/22 21:20 by jos
cheap Paul & Shark pants & shorts Says:
This article is very good, very appealing. Affects every reader chord, hoping to share with you the exchange. Thank articles.
discount swiss Seiko watches Says:
This article is good, very good, let I learned a lot from ~ you don’t miss, hurry to join!
best mens Rolex Datejust II Says:
This article is very good, I like, thank you, I’m more understanding Keep up the blogs!