From owner-svn-src-head@freebsd.org Mon May 15 19:25:21 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5014D6E54B; Mon, 15 May 2017 19:25:21 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 850729A2; Mon, 15 May 2017 19:25:21 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (unknown [127.0.1.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id 9A4CE1388; Mon, 15 May 2017 19:25:20 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id D141F6600; Mon, 15 May 2017 19:25:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id SIK0wDQicQOx; Mon, 15 May 2017 19:25:16 +0000 (UTC) Subject: Re: svn commit: r318313 - head/libexec/rtld-elf DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 8BE2265FB To: Konstantin Belousov , Alexey Dokuchaev References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org From: Bryan Drewery Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Organization: FreeBSD Message-ID: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org> Date: Mon, 15 May 2017 12:25:20 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170515190030.GG1622@kib.kiev.ua> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 May 2017 19:25:21 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti Content-Type: multipart/mixed; boundary="cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI"; protected-headers="v1" From: Bryan Drewery To: Konstantin Belousov , Alexey Dokuchaev Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Message-ID: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org> Subject: Re: svn commit: r318313 - head/libexec/rtld-elf References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> In-Reply-To: <20170515190030.GG1622@kib.kiev.ua> --cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 5/15/2017 12:00 PM, Konstantin Belousov wrote: > On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote: >> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote: >>> New Revision: 318313 >>> URL: https://svnweb.freebsd.org/changeset/base/318313 >>> >>> Log: >>> Make ld-elf.so.1 directly executable. >> >> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x= >> /bin/chmod would now be possible on FreeBSD as well? > Yes. >=20 >> Does this have any security implications? > What do you mean ? >=20 I think for 3rd-party distributions it may be a problem. At the very least it needs to be communicated clearly in release notes or UPDATING. Consider a downstream vendor who has support for signed binary executions. If rtld allows a backdoor around exec(2) to run an unsigned binary, that could be a problem for them. It is on them to add support to exec(2) to validate the special case of execing rtld with an argument, or to just disable the feature in rtld from this commit. --=20 Regards, Bryan Drewery --cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI-- --FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJZGgCgAAoJEDXXcbtuRpfPXWAH/2Mi0uu/VhoCi+cTZaUwphAo OPFx6XFHODSG2DtSAuQgVKVjZWP2AP+kmqKkuHpyGARsuTVqjJyDu2YMKkd2OBS7 Ap53emckAzi/LFqQ46bianJWQzx9HJrSmvCxqMJzzBHKNa154OAh4TFtQMGBVwtc rQY6GIYDSir3ASTasHJrYtbFSaSG1olSHj5WWBMveoQHwzAlZ0Y17OOWF1IMxyIr jnTPx8W4nLVHbCuZsydoSNMqv7vw/aN1fJZZBKvGzbIxKWEAhBcKxE6jhVpKBeEd pdrXhFI6wgj4C6X0SZ1hIJL0QAsoIVW1/sGIFDzpqSq2vFVOajCclmf4p+mQEYA= =FUZz -----END PGP SIGNATURE----- --FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti--