Date:      Sat, 24 Dec 2011 14:10:37 +0100
From:      Edward Tomasz Napierała <trasz@FreeBSD.org>
To:        Andrey Chernov <ache@FreeBSD.ORG>
Cc:        src-committers@FreeBSD.ORG, Xin LI <delphij@gmail.com>, John Baldwin <jhb@FreeBSD.ORG>, svn-src-all@FreeBSD.ORG, svn-src-head@FreeBSD.ORG, Colin Percival <cperciva@FreeBSD.ORG>, Kostik Belousov <kostikbel@gmail.com>, Alexander Kabaev <kabaev@gmail.com>
Subject:   Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID:  <8E5EE6FA-7BA1-4590-843A-F5C3C0493E5B@FreeBSD.org>
In-Reply-To: <20111224105045.GA11127@vniz.net>
References:  <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> <20111223120644.75fe944d@kan.dyndns.org> <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> <20111224100509.GA98136@vniz.net> <CAGMYy3s4YM-j165o9p%2BEDgMf0%2BaJq7gKj5yR=LK8_yfECnbtog@mail.gmail.com> <20111224103948.GA10939@vniz.net> <CAGMYy3vUMUi0ajADs2AdVRPfWQShmjfXDHfrKTFBmHGiNTWPFA@mail.gmail.com> <20111224105045.GA11127@vniz.net>


Message written by Andrey Chernov on 24 Dec 2011, at 11:50:
> On Sat, Dec 24, 2011 at 02:45:21AM -0800, Xin LI wrote:
>> On Sat, Dec 24, 2011 at 2:39 AM, Andrey Chernov <ache@freebsd.org> wrote:
>>> On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
>>>> chroot(2) can create a legitimate and secure environment where dlopen(2)
>>>> is safe and necessary.
>>> 
>>> Yes, so the ischroot() check can be used only in those places where libc's
>>> libc_dlopen() is currently used, i.e. placed into libc_dlopen() itself.
>> 
>> So it's okay to break NSS in a chroot jail?
> 
> We need a general solution. We simply can't count all possible and future
> ftpd's around the world and insert __FreeBSD_libc_enter_restricted_mode()
> into them. I'm not even mentioning other programs that may use chroot() too. If
> some component like auth is critical for chroot, it should be restricted
> in general scope.

How about adding a check in dlopen(3) to make sure the file being opened
is owned either by us (getuid(3)) or root and is not writable by anyone else?
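The check proposed above, written out as an added example that is not code from this thread or from FreeBSD's libc/rtld; the names dlopen_object_is_trusted() and try_mode() are assumed here:

```c
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Return 1 if the open object is safe to map: a regular file owned by the
 * calling user or by root, and not writable by group or others. fstat(2) on
 * the descriptor ties the verdict to the file that will actually be mapped.
 */
int
dlopen_object_is_trusted(int fd)
{
	struct stat sb;

	if (fstat(fd, &sb) != 0)
		return (0);
	if (!S_ISREG(sb.st_mode))
		return (0);
	if (sb.st_uid != getuid() && sb.st_uid != 0)
		return (0);
	if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0)
		return (0);
	return (1);
}

/*
 * Demonstration helper (assumed name): create a temporary file with the
 * given mode, run the check, delete the file and return the verdict.
 */
int
try_mode(mode_t mode)
{
	char path[] = "/tmp/dlopen-check-XXXXXX";
	int fd, ok;

	fd = mkstemp(path);
	if (fd < 0)
		return (-1);
	if (fchmod(fd, mode) != 0) {
		close(fd);
		unlink(path);
		return (-1);
	}
	ok = dlopen_object_is_trusted(fd);
	close(fd);
	unlink(path);
	return (ok);
}
```

A file with mode 0644 or 0600 owned by the caller passes; the same file made group- or world-writable (0664, 0666) is rejected, as is anything that is not a regular file.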

