Tim Peeler on Fri, 1 Jun 2001 14:30:06 -0400
Was Re: [PLUG] RedHat 7.1 glibc2.1 Backward compat - revisited

This is probably waaay off topic from the plug list but I'm hoping to come across someone that has enough knowledge on the subject here before I go trying to find an ELF mailing list.

I have been reading the ELF spec, and something interesting came to me as I was reading it. There's a part of the ELF header called the init section. Anything in the init section gets executed before main() is executed. I seem to remember some problems with an init() function in libraries, but have never heard of an init() function in normal programs. What I remember about libraries and init was an exploit with PAM using init() and a bad library path that allowed root.

This is what I know of init and main so far: executables have main, and /possibly/ libraries can have an init section or always use an init section.

This is starting to get off subject so here goes my real question: If one were to use the init section of an ELF header to execute arbitrary code (for example someone created a worm/virus that planted arbitrary code into the init section), would the init section be executed with the permissions of the user executing the code or would it be executed with the permissions of the loader?

Tim

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
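For the question above about whose permissions code run before main() gets, here is an added example (not part of the original post) that uses the GCC/Clang constructor attribute to run a function during ELF initialization and compares the process ID and real/effective UIDs it sees with those seen later from main(). The struct and function names are illustrative assumptions; the dynamic loader executes inside the process being started, so there is no separate loader identity to observe.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity of the running process at one point in time. */
struct identity {
    pid_t pid;
    uid_t ruid;   /* real UID: the user who started the program */
    uid_t euid;   /* effective UID: what permission checks use */
};

static struct identity at_init;   /* filled in before main() runs */
static int init_calls;            /* how many times the constructor ran */

static struct identity current_identity(void)
{
    struct identity id = { getpid(), getuid(), geteuid() };
    return id;
}

/* GCC/Clang extension: the toolchain registers this function with the
 * ELF initialization code, so it is called before main(). */
__attribute__((constructor))
static void record_identity_at_init(void)
{
    at_init = current_identity();
    init_calls++;
}

/* Returns 1 when the init-time code saw the same process and the same
 * credentials that the caller has now, 0 otherwise. */
int init_identity_matches_now(void)
{
    struct identity now = current_identity();
    return init_calls == 1 &&
           at_init.pid == now.pid &&
           at_init.ruid == now.ruid &&
           at_init.euid == now.euid;
}

int main(void)
{
    printf("init: pid=%ld ruid=%ld euid=%ld\n",
           (long)at_init.pid, (long)at_init.ruid, (long)at_init.euid);
    printf("main: pid=%ld ruid=%ld euid=%ld\n",
           (long)getpid(), (long)getuid(), (long)geteuid());
    return init_identity_matches_now() ? 0 : 1;
}
```

For a setuid program the kernel sets the effective UID at exec time, before any initialization code runs, so the values recorded at init time are already the elevated ones.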