[10546] in bugtraq
Clarification: LD_PRELOAD issue
daemon@ATHENA.MIT.EDU (David F. Skoll)
Fri May 14 11:37:09 1999
Content-Type: text
Message-Id: <199905141317.JAA01227@nepal.carleton.ca>
Date: Fri, 14 May 1999 09:17:25 -0400
Reply-To: "David F. Skoll" <dfs@DOE.CARLETON.CA>
From: "David F. Skoll" <dfs@DOE.CARLETON.CA>
To: BUGTRAQ@NETSPACE.ORG

Hi,

I feel I need to provide more context for the LD_PRELOAD issue. Yes,
I'm well aware that set[ug]id programs ignore LD_PRELOAD and the other
LD_* environment variables.

The context is a software license manager. A commercial software
organization wants to protect its software with a license manager
which relies on accurate time information. Any user of the system,
including root, must be viewed as a potential cracker. This is not your
usual security issue.

Now, any license manager can be spoofed, from as blunt an attack as
changing the system time to sophisticated reverse-engineering attacks
on the license manager binary. The issue is to prevent "cheap"
attacks -- if attacking the license manager is expensive enough,
people won't bother (or they'll find other avenues of attack. :-))

Changing the system time introduces all kinds of problems, so most
potential license abusers won't do it. A two-line shell script with a
6-line C program is a very cheap attack on a dynamically-linked
license manager daemon. Attacking a statically-linked license manager
binary is quite a bit more expensive, and should greatly reduce the
incentive for an attack.

--
David F. Skoll
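
The static-linking mitigation in the last paragraph can be enforced as a release check. The following is an added example, not part of the original post: it reports whether a little-endian ELF64 image requests a run-time loader (a PT_INTERP segment). The names `elf_is_static` and `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 176   /* 64-byte ELF header + two 56-byte program headers */

static uint64_t rd_le(const unsigned char *p, int n) {   /* little-endian read */
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: no PT_INTERP segment, so no run-time loader is requested at exec time.
 * 0: PT_INTERP present; the loader runs and processes LD_* variables.
 * -1: not a parsable little-endian ELF64 image. */
int elf_is_static(const unsigned char *buf, size_t len) {
    if (len < 64 || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;
    if (buf[4] != 2 || buf[5] != 1) return -1;        /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(buf + 32, 8);              /* e_phoff */
    uint64_t phentsize = rd_le(buf + 54, 2);          /* e_phentsize */
    uint64_t phnum = rd_le(buf + 56, 2);              /* e_phnum */
    if (phoff > len || phentsize < 56) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < 4) return -1;    /* truncated table */
        if (rd_le(buf + off, 4) == 3) return 0;       /* p_type == PT_INTERP */
    }
    return 1;
}

/* Constructed sample: a minimal header-only image, not a real binary. */
void make_sample(unsigned char buf[SAMPLE_LEN], int with_interp) {
    memset(buf, 0, SAMPLE_LEN);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2; buf[5] = 1;                           /* 64-bit, little-endian */
    buf[32] = 64; buf[54] = 56; buf[56] = 2;          /* phoff, phentsize, phnum */
    buf[64] = 1;                                      /* segment 0: PT_LOAD */
    buf[120] = with_interp ? 3 : 1;                   /* segment 1: PT_INTERP or PT_LOAD */
}

int main(void) {
    unsigned char img[SAMPLE_LEN];
    make_sample(img, 1);
    printf("dynamic sample -> %d\n", elf_is_static(img, sizeof img));
    make_sample(img, 0);
    printf("static sample  -> %d\n", elf_is_static(img, sizeof img));
    return 0;
}
```

In a build pipeline the same function would be run over the bytes of the shipped daemon, failing the release when it returns anything other than 1.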