From owner-freebsd-security@FreeBSD.ORG  Thu Dec 29 20:46:43 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EEAA6106564A;
	Thu, 29 Dec 2011 20:46:43 +0000 (UTC) (envelope-from ache@vniz.net)
Received: from vniz.net (vniz.net [194.87.13.69])
	by mx1.freebsd.org (Postfix) with ESMTP id 5F7EB8FC0A;
	Thu, 29 Dec 2011 20:46:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by vniz.net (8.14.5/8.14.5) with ESMTP id pBTKkbuM053478;
	Fri, 30 Dec 2011 00:46:37 +0400 (MSK) (envelope-from ache@vniz.net)
Received: (from ache@localhost)
	by localhost (8.14.5/8.14.5/Submit) id pBTKkb5W053477;
	Fri, 30 Dec 2011 00:46:37 +0400 (MSK) (envelope-from ache)
Date: Fri, 30 Dec 2011 00:46:37 +0400
From: Andrey Chernov <ache@FreeBSD.ORG>
To: d@delphij.net
Message-ID: <20111229204637.GB51102@vniz.net>
Mail-Followup-To: Andrey Chernov <ache@freebsd.org>, d@delphij.net,
	John Baldwin <jhb@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG,
	Doug Barton <dougb@FreeBSD.ORG>
References: <201112231500.pBNF0c0O071712@svn.freebsd.org>
	<201112291400.41075.jhb@freebsd.org>
	<CAGMYy3t89jcmU6AP4Bsa+v+Vs+K7qm_SaqwA5u==wKrzaqTWBQ@mail.gmail.com>
	<201112291435.03493.jhb@freebsd.org> <4EFCCDDF.5080602@delphij.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <4EFCCDDF.5080602@delphij.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>,
	John Baldwin <jhb@FreeBSD.ORG>
Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet
 head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
 head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 20:46:44 -0000

On Thu, Dec 29, 2011 at 12:30:23PM -0800, Xin Li wrote:
> >> On Thu, Dec 29, 2011 at 11:00 AM, John Baldwin <jhb@freebsd.org>
> > Another route might have been set an env
> > var

I already suggest it as one of possible ways.

> Using an environment variable may be not a good idea since it can be
> easily overridden, and I think if the program runs something inside
> the chroot, the jailed chroot would have more proper setup to avoid
> this type of attack?

In case user (more precisely, ftpd) runs any program which resides in=20
/incoming/, nothing helps in anycase. In case ftpd runs known programs=20
=66rom known locations only, it can't be overriden because known program=20
(say, ls) is not malicious by itself and can be turned malicious only by=20
loading .so from current directory, which env variable prevents.

--=20
http://ache.vniz.net/