Subject: re: RelCache (aka ELF prebinding) news
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: matthew green <mrg@eterna.com.au>
List: tech-userlevel
Date: 12/04/2002 14:23:59
   
   Attacker now waits.  Eventually, someone runs something that uses the
   real libfoo.so.  The dynamic linker finds the bogus cache file, sees it
   has the right checksum-- and uses its symbol values.  Oops.


updating the cache should be a root-only thing.  anything leads to
madness as you say.  also, it seems that set-id programs should
probably _not_ use prebinding (hmm.. need to think more on that one).


.mrg.