Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 24 Dec 2011 12:46:10 -0800
From:      Xin LI <delphij@gmail.com>
To:        =?UTF-8?Q?Edward_Tomasz_Napiera=C5=82a?= <trasz@freebsd.org>
Cc:        src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, John Baldwin <jhb@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org, Colin Percival <cperciva@freebsd.org>, Kostik Belousov <kostikbel@gmail.com>, Alexander Kabaev <kabaev@gmail.com>
Subject:   Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID:  <CAGMYy3u3ixg0rh16JFwL00a%2BH-qGb60LTR2tLgCrRXfAhMrvFA@mail.gmail.com>
In-Reply-To: <8E5EE6FA-7BA1-4590-843A-F5C3C0493E5B@FreeBSD.org>
References:  <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> <20111223120644.75fe944d@kan.dyndns.org> <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> <20111224100509.GA98136@vniz.net> <CAGMYy3s4YM-j165o9p%2BEDgMf0%2BaJq7gKj5yR=LK8_yfECnbtog@mail.gmail.com> <20111224103948.GA10939@vniz.net> <CAGMYy3vUMUi0ajADs2AdVRPfWQShmjfXDHfrKTFBmHGiNTWPFA@mail.gmail.com> <20111224105045.GA11127@vniz.net> <8E5EE6FA-7BA1-4590-843A-F5C3C0493E5B@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
2011/12/24 Edward Tomasz Napiera=C5=82a <trasz@freebsd.org>:
> Wiadomo=C5=9B=C4=87 napisana przez Andrey Chernov w dniu 24 gru 2011, o g=
odz. 11:50:
>> On Sat, Dec 24, 2011 at 02:45:21AM -0800, Xin LI wrote:
>>> On Sat, Dec 24, 2011 at 2:39 AM, Andrey Chernov <ache@freebsd.org> wrot=
e:
>>>> On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
>>>>> chroot(2) can create legitimate and secure environment where dlopen(2=
)
>>>>> is safe and necessary.
>>>>
>>>> Yes, so ischroot() check can be used only into that places where libc'=
s
>>>> libc_dlopen() currently used, i.e. placed into libc_dlopen() itself.
>>>
>>> So it's Okay to break NSS in chroot jail?
>>
>> We need general solution. We simple can't count all possible and future
>> ftpd's arround the world and insert __FreeBSD_libc_enter_restricted_mode=
()
>> into them. I even not mention other programs that may use chroot() too. =
If
>> some component like auth is critical for chroot, it should be restricted
>> in general scope.
>
> How about adding a check in dlopen(3) to make sure the file being opened
> is owned either by us (getuid(3)) or root and is not writable by anyone e=
lse?

Won't work because the binary might be run by privileged but chroot
user.  Again, this is the first proposal that we have considered.

Cheers,
--=20
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3u3ixg0rh16JFwL00a%2BH-qGb60LTR2tLgCrRXfAhMrvFA>