Re: [PLUG] ELF Init section

Tim Peeler on Mon, 4 Jun 2001 09:30:05 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ELF Init section

From: Tim Peeler <tim@iss.dccc.edu>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] ELF Init section

Date: Mon, 4 Jun 2001 09:14:27 -0400

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mutt/1.3.18i

On Sat, Jun 02, 2001 at 07:56:58PM -0400, Bill Jonas wrote: > bj@epoch:~$ ls -l /lib/ld.so > -rwxr-xr-x 2 root root 99568 Mar 6 21:17 /lib/ld.so > > No problem there; it's owned by root, but you'll notice that the SUID > bit is not set. Therefore, it runs with the privileges of the user who > started it. Well that helps to ease some fears that I had while I was reading the ELF docs. I was worried that it would be possible to spread init virii through ELF binaries, plug in your nasty code into the init section and your set for the first wave of Linux (and it looks like at least FreeBSD and NetBSD as well) virii. I know there's already some worms out but haven't heard anything on the virus front. Somthing I find particularly interesting in the ELF format is the specific header format. Given that the loader needs to combine the binary and system and library calls to create the running process in the first place, one would assume that you would only need an identifier for each part of the header, instead of the strict structured header that ELF provides. Looking at the binary as a stream of data (during loading) as opposed to taking the first X bytes as the full header, one could still load and create a running process from the binary image. The difference being that the "streamed header" would be more forward-looking. Newer revisions wouldn't need to specify new specific structures, but would only need to understand the new header identifier and there would be no case switching with different versions. Another good use of (what I'll call) the "streamed" header approach would be lessening the ammount of data required in the header (I know, it's only a few bytes). Perhaps I'm over my head on this one, but I suppose when you dive in you have to start swimming sooner or later. Tim ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

Follow-Ups:

Re: [PLUG] ELF Init section
From: gabriel rosenkoetter <gr@eclipsed.net>

References:

Re: [PLUG] ELF Init section
From: Bill Jonas <bill@billjonas.com>

Prev by Date: Re: [PLUG] lilo issues

Next by Date: Re: [PLUG] two interfaces and security

Previous by thread: Re: [PLUG] ELF Init section

Next by thread: Re: [PLUG] ELF Init section

Index(es):

Date

Thread