Date: Mon, 15 May 2017 15:13:16 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Ian Lepore <ian@freebsd.org>
Cc: Konstantin Belousov <kostikbel@gmail.com>, Alexey Dokuchaev <danfe@FreeBSD.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID: <20170515191316.jjtxiynrh3jvo5sz@mutt-hbsd>
In-Reply-To: <1494875335.59865.118.camel@freebsd.org>
References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <1494875335.59865.118.camel@freebsd.org>

On Mon, May 15, 2017 at 01:08:55PM -0600, Ian Lepore wrote:
> On Mon, 2017-05-15 at 22:00 +0300, Konstantin Belousov wrote:
> > On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
> > >
> > > On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov
> > > wrote:
> > > >
> > > > New Revision: 318313
> > > > URL: https://svnweb.freebsd.org/changeset/base/318313
> > > >
> > > > Log:
> > > >   Make ld-elf.so.1 directly executable.
> > > Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod
> > > +x /bin/chmod would now be possible on FreeBSD as well?
> > Yes.
> >
> > >
> > > Does this have any security implications?
> > What do you mean ?
> >
>
> Well, for example, it seems like it would allow anyone to execute a
> binary even if the sysadmin had set it to -x specifically to prevent
> people from running it.

It additionally subverts application whitelisting schemes where all
dependent shared objects (even the rtld) are checked (such is the case
with Integriforce in HardenedBSD).

Since even the rtld is checked, an attacker can now bypass the
application whitelisting scheme by running:

/libexec/ld-elf.so.1 /path/to/previously/disallowed/executable

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
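A defender-side check for the bypass described in the message above, as an added example that is not part of the original e-mail or of FreeBSD or HardenedBSD code: it reviews exec records and treats the loader's first argument as the program that actually runs. The record layout, allowlist, file modes and function names are constructed assumptions; only the loader path comes from the message.

```python
import os
import stat

# Loader path as given in the message; extend for other ABIs as needed (assumption).
RTLD_PATHS = {"/libexec/ld-elf.so.1"}

def on_disk_mode(path):
    """Permission bits of path, or None if it cannot be stat'ed."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def review_exec(record, allowlist, mode_of=on_disk_mode):
    """Return findings for one exec record (dict with exe, argv, cwd)."""
    if os.path.normpath(record["exe"]) not in RTLD_PATHS:
        return []                      # ordinary exec: the normal checks apply
    argv = record["argv"]
    if len(argv) < 2:
        return []                      # loader run with no program to load
    if argv[1].startswith("-"):
        # Loader options are not parsed here; hand the record to a human.
        return ["loader invoked with options: review manually"]
    # The program that really runs is argv[1], not the loader itself.
    target = os.path.normpath(os.path.join(record.get("cwd", "/"), argv[1]))
    findings = []
    if target not in allowlist:
        findings.append(f"{target}: run via loader but not allowlisted")
    mode = mode_of(target)
    if mode is not None and mode & 0o111 == 0:
        findings.append(f"{target}: run via loader but has no execute bit")
    return findings

# Constructed sample data: exec records, allowlist and file modes.
ALLOWLIST = {"/bin/ls", "/libexec/ld-elf.so.1"}
MODES = {"/bin/ls": 0o555, "/usr/local/bin/tool": 0o644}
RECORDS = [
    {"exe": "/bin/ls", "argv": ["ls", "-l"], "cwd": "/"},
    {"exe": "/libexec/ld-elf.so.1", "argv": ["ld-elf.so.1", "/bin/ls"], "cwd": "/"},
    {"exe": "/libexec/ld-elf.so.1", "argv": ["ld-elf.so.1", "bin/tool"], "cwd": "/usr/local"},
]

def review_all(records=RECORDS):
    """Run review_exec over every record using the constructed policy data."""
    return [f for r in records for f in review_exec(r, ALLOWLIST, MODES.get)]

if __name__ == "__main__":
    for finding in review_all():
        print(finding)
```

Only the third constructed record is flagged: the loader itself is allowlisted, but the program it was asked to load is neither allowlisted nor marked executable.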