Date: Mon, 15 May 2017 12:25:20 -0700
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Konstantin Belousov <kostikbel@gmail.com>, Alexey Dokuchaev <danfe@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org>
In-Reply-To: <20170515190030.GG1622@kib.kiev.ua>
References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua>

On 5/15/2017 12:00 PM, Konstantin Belousov wrote:
> On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
>> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
>>> New Revision: 318313
>>> URL: https://svnweb.freebsd.org/changeset/base/318313
>>>
>>> Log:
>>>   Make ld-elf.so.1 directly executable.
>>
>> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x
>> /bin/chmod would now be possible on FreeBSD as well?
> Yes.
>
>> Does this have any security implications?
> What do you mean?
>

I think for 3rd-party distributions it may be a problem. At the very
least it needs to be communicated clearly in release notes or UPDATING.

Consider a downstream vendor who has support for signed binary
executions. If rtld allows a backdoor around exec(2) to run an unsigned
binary, that could be a problem for them.

It is on them to add support to exec(2) to validate the special case of
execing rtld with an argument, or to just disable the feature in rtld
from this commit.

-- 
Regards,
Bryan Drewery
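
The exec(2)-side validation the message above asks downstream vendors to consider, modelled in userland C as an added example; it is not part of the original e-mail and not FreeBSD or vendor code. The names `check_exec`, `signed_images` and the verdict values are hypothetical, the install path `/libexec/ld-elf.so.1` is an assumption, and rtld command-line options are not modelled, so any such argument is refused.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed install path of the runtime linker built from head/libexec/rtld-elf. */
#define RTLD_PATH "/libexec/ld-elf.so.1"

enum verdict { ALLOW, DENY_UNSIGNED, DENY_UNRESOLVED };

/* Constructed stand-in for a vendor's database of signed images. */
static const char *const signed_images[] = {
    RTLD_PATH, "/bin/chmod", "/bin/ls", NULL
};

static int is_signed(const char *path)
{
    for (size_t i = 0; signed_images[i] != NULL; i++)
        if (strcmp(signed_images[i], path) == 0)
            return 1;
    return 0;
}

/*
 * Decide one exec request: path is the image handed to exec(2), argv its
 * NULL-terminated argument vector. Matching rtld by name is a
 * simplification made for this example.
 */
enum verdict check_exec(const char *path, char *const argv[])
{
    if (!is_signed(path))
        return DENY_UNSIGNED;
    if (strcmp(path, RTLD_PATH) != 0)
        return ALLOW;               /* ordinary signed binary */
    /* rtld executed directly: the program it will load is the real target. */
    if (argv == NULL || argv[0] == NULL || argv[1] == NULL)
        return DENY_UNRESOLVED;     /* no target named */
    if (argv[1][0] != '/')
        return DENY_UNRESOLVED;     /* option or relative path: fail closed */
    return is_signed(argv[1]) ? ALLOW : DENY_UNSIGNED;
}

int main(void)
{
    char *direct[] = { "ld-elf.so.1", "/tmp/unsigned", NULL };  /* constructed */
    printf("%s\n", check_exec(RTLD_PATH, direct) == ALLOW ? "allow" : "deny");
    return 0;
}
```

Without the rtld branch, the second request in `main` would be allowed because the image passed to exec(2) is itself signed.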