Date: Fri, 23 Dec 2011 11:21:27 -0800
From: Xin Li <delphij@delphij.net>
To: John Baldwin <jhb@freebsd.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, d@delphij.net, Colin Percival <cperciva@freebsd.org>
Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID: <4EF4D4B7.7020109@delphij.net>
In-Reply-To: <201112231058.46642.jhb@freebsd.org>
References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org>

On 12/23/11 07:58, John Baldwin wrote:
> On Friday, December 23, 2011 10:00:38 am Colin Percival wrote:
>> Author: cperciva
>> Date: Fri Dec 23 15:00:37 2011
>> New Revision: 228843
>> URL: http://svn.freebsd.org/changeset/base/228843
>>
>> Log:
>>   Fix a problem whereby a corrupt DNS record can cause named
>>   to crash. [11:06]
>>
>>   Add an API for alerting internal libc routines to the presence
>>   of "unsafe" paths post-chroot, and use it in ftpd. [11:07]
>
> Eh, the whole libc_dlopen() thing looks like a gross hack (and who
> came up with that weird symbol name for a public API????). Is it
> really even needed given the other fix to have ftpd drop privilege
> before execing a helper program? I guess the main reason I don't
> like it is it doesn't do

This is not sufficient if only privileges are dropped. The attacker can still get e.g. a shell or start an IRC bot if the application is not careful enough.

The current form of the patch is based on a lengthy discussion between secteam@ and re@, and we did think about other alternatives, like using a wrapper around chroot(2) and containing everything in it, or checking permissions on certain "important" files, etc. These would require changes to chroot(2) semantics which could break existing installations and the outcome could be quite silent which eventually results in this.

Cheers,
--
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die