Date: Fri, 23 Dec 2011 19:51:43 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Alexander Kabaev <kabaev@gmail.com> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Colin Percival <cperciva@freebsd.org>, John Baldwin <jhb@freebsd.org> Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... Message-ID: <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> In-Reply-To: <20111223120644.75fe944d@kan.dyndns.org> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> <20111223120644.75fe944d@kan.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--eUJGivEzlkoRlQKE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 23, 2011 at 12:06:44PM -0500, Alexander Kabaev wrote: > On Fri, 23 Dec 2011 11:22:34 -0500 > John Baldwin <jhb@freebsd.org> wrote: >=20 > > On Friday, December 23, 2011 10:58:46 am John Baldwin wrote: > > > On Friday, December 23, 2011 10:00:38 am Colin Percival wrote: > > > > Author: cperciva > > > > Date: Fri Dec 23 15:00:37 2011 > > > > New Revision: 228843 > > > > URL: http://svn.freebsd.org/changeset/base/228843 > > > >=20 > > > > Log: > > > > Fix a problem whereby a corrupt DNS record can cause named to > > > > crash. [11:06]=20 > > > > Add an API for alerting internal libc routines to the presence > > > > of "unsafe" paths post-chroot, and use it in ftpd. [11:07] > > >=20 > > > Eh, the whole libc_dlopen() thing looks like a gross hack (and who > > > came up with that weird symbol name for a public API????). Is it > > > really even needed given the other fix to have ftpd drop privilege > > > before execing a helper program? I guess the main reason I don't > > > like it is it doesn't do anything to address the more general > > > problem. I would have expected instead something to restrict > > > dlopen() entirely including from other libraries than just libc in > > > certain circumstances. > >=20 > > At the very least if we feel that the libc_dlopen() thing is a > > temporary band-aid, we should move the new symbols into the private > > namespace so we can remove them once the better fix is in rather than > > being required to support them forever. libc_dlopen() is not exposed. The __FreeBSD_libc_enter_restricted_mode() is, and its name is ugly exactly to note the ugly intent. I do not see how the symbol can go int FBSDprivate_1.0 when it was supposed to be used by third-party applications. Putting this hack into rtld itself IMO has to wide consequences. For libc, we can enumerate the points that stop work after the call, but for the generic applications the consequences are undefined. > >=20 > > --=20 > > John Baldwin >=20 > Pardon for not catching that when I had a chance to influence the > outcome, but I would like to voice my support to tucking the ugliness > into private version namespace. >=20 > --=20 > Alexander Kabaev --eUJGivEzlkoRlQKE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk70v68ACgkQC3+MBN1Mb4giqACZASswqraasc/H8jXYcsVgrzHC E3YAnirjfVXolCKucgQmVK9PENC/Zp7c =yURB -----END PGP SIGNATURE----- --eUJGivEzlkoRlQKE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111223175143.GJ50300>