List-Id: Packaging the FreeBSD base system
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase
Message-ID: <26631.50741.155084.424170@khavrinen.csail.mit.edu>
Date: Tue, 22 Apr 2025 12:39:17 -0400
From: Garrett Wollman
To: Gordon Tetlow
Cc: freebsd-pkgbase@freebsd.org
Subject: Re: Splitting critical libraries from interactive shell in runtime package
In-Reply-To: <015C4C6B-1CEC-4398-A8B9-CE21E88C617C@tetlows.org>
References: <015C4C6B-1CEC-4398-A8B9-CE21E88C617C@tetlows.org>

< said:

> A while ago, I was playing around with building stripped down jails
> based on pkgbase and noticed that /bin/sh and a whole host of
> interactive commands is in the FreeBSD-runtime package. This seemed
> weird to me as my stripped down jail that is intended to run nginx
> should only have the runtime libraries necessary. Including /bin/sh
> and friends is unnecessary and would only enable an attacker to gain
> a foothold more easily.

Part of the functionality of the standard C library is implemented in
the shell. You probably don't need any of these functions, and maybe
given your security posture you would prefer if they didn't work.

POSIX generally requires a shell. I think pkgbase is perhaps not
conceived for this application: a shell is not normally thought of as
an optional component.

-GAWollman
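
Added example, not part of the original message: one way to check whether a binary destined for a shell-less jail imports the libc calls that hand their work to `/bin/sh`. The function list (`system(3)`, `popen(3)`, and FreeBSD's `wordexp(3)`), the helper name `shell_imports`, and the sample symbol listing are assumptions made for this illustration; the message itself does not name the functions.

```shell
#!/bin/sh
# libc entry points that run /bin/sh on the caller's behalf
# (assumed list for this example: system(3), popen(3), FreeBSD wordexp(3)).
SHELL_DEPENDENT='system popen wordexp'

# Read an undefined-dynamic-symbol listing on stdin, in the format printed by
#   nm -D -u <binary>
# and print each shell-dependent libc import it contains, one per line.
shell_imports() {
    awk -v want="$SHELL_DEPENDENT" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) dep[w[i]] = 1 }
        {
            # Undefined symbols appear as "U name" or "U name@VERSION".
            for (i = 1; i < NF; i++) if ($i == "U") {
                sym = $(i + 1)
                sub(/@.*/, "", sym)          # drop any symbol-version suffix
                if (sym in dep) found[sym] = 1
            }
        }
        END { for (i = 1; i <= n; i++) if (w[i] in found) print w[i] }
    '
}

# Constructed sample listing (not taken from a real binary).
SAMPLE_NM='                 U malloc@FBSD_1.0
                 U popen@FBSD_1.0
                 U pclose@FBSD_1.0
                 U wordexp
                 U systemd_notify'

hits=$(printf '%s\n' "$SAMPLE_NM" | shell_imports)
if [ -n "$hits" ]; then
    printf 'imports that need /bin/sh:\n%s\n' "$hits"
else
    printf 'no shell-dependent libc imports found\n'
fi
```

This only sees direct imports of the file it is given: shared libraries and loadable modules the program pulls in need the same check, and a program that executes `/bin/sh` itself will not show up here.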