From owner-svn-src-head@freebsd.org  Mon May 15 19:25:21 2017
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5014D6E54B;
 Mon, 15 May 2017 19:25:21 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 850729A2;
 Mon, 15 May 2017 19:25:21 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (unknown [127.0.1.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by freefall.freebsd.org (Postfix) with ESMTPS id 9A4CE1388;
 Mon, 15 May 2017 19:25:20 +0000 (UTC)
 (envelope-from bdrewery@FreeBSD.org)
Received: from mail.xzibition.com (localhost [172.31.3.2])
 by mail.xzibition.com (Postfix) with ESMTP id D141F6600;
 Mon, 15 May 2017 19:25:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.xzibition.com
Received: from mail.xzibition.com ([172.31.3.2])
 by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new,
 port 10026)
 with LMTP id SIK0wDQicQOx; Mon, 15 May 2017 19:25:16 +0000 (UTC)
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 8BE2265FB
To: Konstantin Belousov <kostikbel@gmail.com>,
 Alexey Dokuchaev <danfe@FreeBSD.org>
References: <201705151848.v4FImwMW070221@repo.freebsd.org>
 <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
From: Bryan Drewery <bdrewery@FreeBSD.org>
Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF;
 url=http://www.shatow.net/bryan/bryan2.asc
Organization: FreeBSD
Message-ID: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org>
Date: Mon, 15 May 2017 12:25:20 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170515190030.GG1622@kib.kiev.ua>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti"
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 May 2017 19:25:21 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti
Content-Type: multipart/mixed; boundary="cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI";
 protected-headers="v1"
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Konstantin Belousov <kostikbel@gmail.com>,
 Alexey Dokuchaev <danfe@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Message-ID: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org>
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
References: <201705151848.v4FImwMW070221@repo.freebsd.org>
 <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua>
In-Reply-To: <20170515190030.GG1622@kib.kiev.ua>

--cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 5/15/2017 12:00 PM, Konstantin Belousov wrote:
> On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
>> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
>>> New Revision: 318313
>>> URL: https://svnweb.freebsd.org/changeset/base/318313
>>>
>>> Log:
>>>   Make ld-elf.so.1 directly executable.
>>
>> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x=

>> /bin/chmod would now be possible on FreeBSD as well?
> Yes.
>=20
>> Does this have any security implications?
> What do you mean ?
>=20

I think for 3rd-party distributions it may be a problem. At the very
least it needs to be communicated clearly in release notes or UPDATING.

Consider a downstream vendor who has support for signed binary
executions.  If rtld allows a backdoor around exec(2) to run an unsigned
binary, that could be a problem for them.  It is on them to add support
to exec(2) to validate the special case of execing rtld with an
argument, or to just disable the feature in rtld from this commit.

--=20
Regards,
Bryan Drewery


--cTJXegGkWXd4O3fHPXOudkouWIhUkFfcI--

--FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJZGgCgAAoJEDXXcbtuRpfPXWAH/2Mi0uu/VhoCi+cTZaUwphAo
OPFx6XFHODSG2DtSAuQgVKVjZWP2AP+kmqKkuHpyGARsuTVqjJyDu2YMKkd2OBS7
Ap53emckAzi/LFqQ46bianJWQzx9HJrSmvCxqMJzzBHKNa154OAh4TFtQMGBVwtc
rQY6GIYDSir3ASTasHJrYtbFSaSG1olSHj5WWBMveoQHwzAlZ0Y17OOWF1IMxyIr
jnTPx8W4nLVHbCuZsydoSNMqv7vw/aN1fJZZBKvGzbIxKWEAhBcKxE6jhVpKBeEd
pdrXhFI6wgj4C6X0SZ1hIJL0QAsoIVW1/sGIFDzpqSq2vFVOajCclmf4p+mQEYA=
=FUZz
-----END PGP SIGNATURE-----

--FIBNq4MPs9g7XO3idsWtoeOkCiNO9wVti--