[Qt-interest] [OT] Re: [Qt5-feedback] Fwd: Re: Qt major versions
Till Oliver Knoll
till.oliver.knoll at gmail.com
Wed Jun 8 22:13:57 CEST 2011
On 08.06.11 12:16, Thiago Macieira wrote:
>> ...
>> Right - but Unix systems don't assume that user himself is a potential
>> malefactor....
> Right. If a malicious process has the ability to set LD_LIBRARY_PATH, it also
> has the ability to ptrace() existing processes and read off their memory
> contents,
The attack would probably rather come from a malicious "drive-by"
website than a malicious process: if such a website managed to silently
download files into your home directory (due to bugs in the browser, or
wrong security settings in the browser, ...), for instance:
.profile
libQtCore.so.4
Assuming of course that .profile would not yet exist in the home
directory (I think at least on a Mac it does not exist by default - the
one I have I edited myself). That file would then contain
LD_LIBRARY_PATH=~:${LD_LIBRARY_PATH}
or
LD_LIBRARY_PATH=/tmp/:${LD_LIBRARY_PATH}
and download libQtCore.so.4 into /tmp accordingly, in case ~ (home
directory) does not work for LD_LIBRARY_PATH.
libQtCore would be super-evil, e.g. logging all your keyboard entries,
downloading more malicious code or anything evil. To keep it small, it
would link with the real Qt Core and simply "override" some methods with
malicious code. Or so...
Then the next time the user would login and start a Qt application (or
take any library/application combination, for that matter) the malicious
code would be executed (of course only with the rights of the user, but
that might be enough to sniff for passwords etc.).
>>
>> There is a way to ensure that application loads libraries from certain
>> locations: load them with dlopen.
>
> dlopen(3) without paths obeys the search rules. QLibrary without paths does
> the same.
>
> And note that the problem here isn't loading the right plugin with dlopen.
> It's that the plugin has dependencies and those are loaded automatically.
Exactly. And it only would work for applications which don't link
against any library (except the C runtime) and would be masochistic
enough to dlsym every Qt method they need. And even that would not help,
since those libraries depend on other libraries again, and those are
implicitly linked again -> same problem ;)
Cheers, Oliver
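An added defender-side check, not from this thread and not Qt code, that audits a shell profile for the LD_LIBRARY_PATH pattern Oliver describes: it lists the directories the profile puts on the loader path, flags those any local user could write to (relative entries, anything under $HOME, world-writable directories), and reports a copy of a named library (libQtCore.so.4 here) sitting in one of them, which ld.so would pick before the system copy. The sample profile, the HOME value and the mode_of/exists hooks are constructed for the example.

```python
import os
import re
import stat
from typing import Callable, List

# Constructed sample of a dropped ~/.profile, mirroring the scenario in the mail.
SAMPLE_PROFILE = """\
export PATH=$HOME/bin:$PATH
LD_LIBRARY_PATH=/tmp/:${LD_LIBRARY_PATH}
"""
HOME = "/home/user"  # assumed home directory for the example
_ASSIGN_RE = re.compile(r"^\s*(?:export\s+)?LD_LIBRARY_PATH=(.*)$")

def profile_ld_paths(profile_text: str, home: str = HOME) -> List[str]:
    """Directories the profile puts on LD_LIBRARY_PATH, normalised.
    References to the old value are skipped; an empty entry is kept as '.'
    because ld.so treats it as the current working directory."""
    dirs: List[str] = []
    for line in profile_text.splitlines():
        m = _ASSIGN_RE.match(line)
        if not m:
            continue
        for entry in m.group(1).strip().strip('"').split(":"):
            if entry in ("$LD_LIBRARY_PATH", "${LD_LIBRARY_PATH}"):
                continue
            if entry == "":
                dirs.append(".")
            elif entry == "~" or entry.startswith("~/"):
                dirs.append(os.path.normpath(home + entry[1:]))
            else:
                dirs.append(os.path.normpath(entry))
    return dirs

def is_untrusted(path: str, home: str = HOME,
                 mode_of: Callable[[str], int] = lambda p: os.stat(p).st_mode) -> bool:
    """A directory any local user could drop a file into: relative, inside
    $HOME, or world-writable on disk (mode_of is a hook so tests need no FS)."""
    if not os.path.isabs(path) or path == home or path.startswith(home + "/"):
        return True
    try:
        return bool(mode_of(path) & stat.S_IWOTH)
    except OSError:
        return False  # not present: nothing can be loaded from it today

def shadowing_copies(lib_name: str, dirs: List[str],
                     exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Copies of lib_name in untrusted dirs; ld.so would use them first."""
    return [os.path.join(d, lib_name) for d in dirs
            if is_untrusted(d) and exists(os.path.join(d, lib_name))]
```

Running profile_ld_paths over the real ~/.profile, ~/.bashrc and friends and then shadowing_copies for each library an application links against gives a quick audit of the persistence spot the mail describes.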