ld-elf.so Local DoS Vulnerability or not

We have found an interesting feature in the FreeBSD run-time link editor (rtld), which links dynamic executables with their needed libraries at run time.

The ld-elf.so.1 utility itself is loaded by the kernel together with any dynamically-linked program that is to be executed. The kernel transfers control to the dynamic linker. After the dynamic linker has finished loading, relocating, and initializing the program and its required shared objects, it transfers control to the entry point of the program.

It also has an executable flag, so let’s try to execute it.

Results:
FreeBSD 6.3.x:
$ /libexec/ld-elf.so.1
bash: /libexec/ld-elf.so.1: cannot execute binary file
$

FreeBSD 7.x:
$ /libexec/ld-elf.so.1
(no return)

Turns out the ld-elf.so keeps loading itself over and over, maxing out a CPU core while doing so. I had to enforce a cputime limit in login.conf so funny users won’t be able to profit from their discovery.
A fix isn’t likely, as it looks like this is just one of those things you shouldn’t do.
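
An added example, not part of the original post: a shell function that audits a login.conf-style file for login classes that still have no CPU-time cap, the mitigation mentioned above. The sample input is constructed, the class name `shellusers` is hypothetical, and the parser only looks at `cputime`/`cputime-max` and `tc=` inheritance.

```sh
# Constructed sample input; "shellusers" is a hypothetical class name.
sample_login_conf() {
cat <<'EOF'
# constructed sample, not a real system file
default:\
	:cputime=unlimited:\
	:maxproc=unlimited:
shellusers:\
	:cputime=1h:\
	:tc=default:
staff:\
	:tc=default:
EOF
}

# Reads login.conf text on stdin and prints every class whose effective
# hard cputime limit is unset or unlimited, following tc= inheritance.
unlimited_cputime_classes() {
	awk '
	function store(r,    n, f, nm, i, name) {
		n = split(r, f, ":")
		split(f[1], nm, "|")            # "name|alias|description"
		name = nm[1]; order[++count] = name
		for (i = 2; i <= n; i++) {
			if (f[i] ~ /^cputime(-max)?=/ && !(name in cpu)) {
				cpu[name] = f[i]
				sub(/^[^=]*=/, "", cpu[name])
			}
			if (f[i] ~ /^tc=/) tc[name] = substr(f[i], 4)
		}
	}
	function effective(c, depth) {
		if (c in cpu) return cpu[c]
		if ((c in tc) && depth < 16) return effective(tc[c], depth + 1)
		return "unlimited"                  # nothing set anywhere in the chain
	}
	/^[ \t]*#/ { next }                     # comment line
	{
		line = $0; sub(/^[ \t]+/, "", line)
		cont = sub(/\\$/, "", line)         # trailing backslash continues the record
		rec = rec line
		if (!cont && rec != "") { store(rec); rec = "" }
	}
	END { for (i = 1; i <= count; i++)
		if (effective(order[i], 0) ~ /^(unlimited|unlimit|infinity|inf)$/) print order[i] }'
}
sample_login_conf | unlimited_cputime_classes   # demo run on the sample
```

On a real system the input would be `/etc/login.conf`; after editing that file the capability database has to be rebuilt with `cap_mkdb /etc/login.conf`.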

Posted 2010/02/22 21:20 by jos
