Date:      Sun, 23 Feb 1997 15:57:22 +0100
From:      Poul-Henning Kamp <phk@critter.dk.tfs.com>
To:        Julian Assange <proff@iq.org>
Cc:        eivind@dimaga.com (Eivind Eklund), hackers@freebsd.org, security@freebsd.org
Subject:   Re: o [1997/02/01] bin/2634 rtld patches for easy creation of chroot enviroments 
Message-ID:  <2530.856709842@critter.dk.tfs.com>
In-Reply-To: Your message of "Mon, 24 Feb 1997 01:16:47 +1100." <199702231416.BAA10178@profane.iq.org> 

In message <199702231416.BAA10178@profane.iq.org>, Julian Assange writes:
>> Not quite.  If we allow users to do this to setuid binaries, they can make
>> setuid programs read dangerous config files, and exploit the new behaviour.
>>  A really simple example would be to create a fake /etc with a new
>> master.passwd and run su.  Sure, you have su only in the chroot()ed
>> environment, but you could easily create a new suid binary...
>> 
>> There is a reason chroot() is restricted to root, and I think we'd better
>> keep that.  If the patch was changed to restrict use to non-suid only (ie,
>> root only), I'd be much more comfortable with it.
>
>It is restricted to non-suid, just the same as LD_PRELOAD is. There
>is an "unsafe" field in the scan_tab for all environmental variables
>used by ld.so. It's set to on for LD_CHROOT. You may want to have
>a look at this before presuming I'm a complete fool ;)

Listen, this patch is maybe or maybe not correct, but it certainly
is pointless.

For anything as little used as chroot to clobber one of the most
time-critical pieces of code in userland is simply not an option, in
particular where there isn't any better argumentation than "it would
be neat if one could..."

Can this discussion please be taken offline now?

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.


