This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: ldd functionality from suid binary


On 7/17/2012 9:06 AM, Renáta Hodován wrote:
> Any idea? :)
> Once again, the question is: is there any way to call ldd from an suid binary?
> 
> Cheers,
> Reni
> 
> On 2012-07-12 20:56, Renáta Hodován wrote:
>> Hi there,
>>
>> I have a problem that I hope you can help with. I need a C++ function that provides ldd-like functionality (this should be part of a bigger project). I already have a solution, and you can find a simplified version of it under the following link:
>> http://pastebin.com/3SwYj5vR
>>
>> Unfortunately, the binary that will contain this code has the suid flag set. In this case my example exits with a status 5 error (without suid the code works fine).
>> I investigated the code of ldd and found the following in the process_dl_audit function in rtld.c:
>>
>>       if (mode != normal)
>>         _exit (5);
>>
>> So it seems to me that ldd doesn't work for suid binaries. But I hope that I'm wrong.
>> This is why I'd like to ask your help to find a solution/workaround!

You need to exec a non-suid binary to do the work for you and return the results.
It will provide better security to do risky things (like auditing) in a separate process.

If you feel that a suid binary should be able to run with dangerous environment variables
set then please file a bugzilla issue with your use case.

Cheers,
Carlos.
-- 
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026
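
The approach suggested in the reply, as an added example that is not part of the original message or of glibc: the suid program forks, permanently drops to the real user and group, and execs a separate helper with a fixed environment, reading the helper's output over a pipe. The function name `run_unprivileged` and the `/bin/sh` stand-in for the real non-suid helper are assumptions.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] as the real (invoking) user with a fixed environment and copy
 * its stdout into out. Returns the child's exit status, or -1 on error. */
int run_unprivileged(char *const argv[], char *out, size_t outlen)
{
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL }; /* constructed; nothing inherited */
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    if (outlen == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) { /* child: becomes the unprivileged helper */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(126);
        close(fds[1]);
        /* Group first, then user. Passing the real id for both arguments also
         * resets the saved id on Linux, so the drop cannot be reverted. */
        if (setregid(getgid(), getgid()) != 0 || setreuid(getuid(), getuid()) != 0 ||
            geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        execve(argv[0], argv, clean_env);
        _exit(127); /* exec failed */
    }
    close(fds[1]);
    while (used < outlen - 1 && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "/bin/sh", "-c", "echo helper-output", NULL }; /* constructed stand-in helper */
    char buf[256];
    return run_unprivileged(argv, buf, sizeof buf) != 0 || puts(buf) < 0;
}
```

Because the child's effective and real IDs match before `execve`, the helper is not started as a set-ID program, and it sees only the environment passed in `clean_env`.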

