Date: Tue, 20 Dec 2011 11:58:13 +0200
From: Kostik Belousov
To: Peter Jeremy
Cc: "freebsd-security@freebsd.org"
Subject: Re: logging _rtld errors

On Tue, Dec 20, 2011 at 09:36:28AM +1100, Peter Jeremy wrote:
> On 2011-Dec-19 22:01:04 +0200, Kostik Belousov wrote:
> >On Mon, Dec 19, 2011 at 11:54:46AM -0800, Xin LI wrote:
> >> It doesn't seem to me that this proposed change would do something
> >> with security?
>
> rtld is a fairly critical part of FreeBSD infrastructure and there
> have been several instances where rtld changes have resulted in
> security vulnerabilities. [Removed].
>
> >I also think that UTRACE part is not bad, but will object against the
> >LD_PRINT_ERROR part.
>
> Could you please explain your objections to the LD_PRINT_ERROR part as
> I don't see an immediate problem with them.

The rtld is the low-level facility, that shall silently do its work. It is the same kind of runtime glue as libc or libthr. It shall return errors to the caller. We do not change libc by adding a knob to print errors if some libc function failed, so why shall we do this for rtld?

Adding utrace would ease the introspection (which in fact can be already deduced from the other ktrace output, but I agree that this requires some knowledge of rtld internals, thus explicit error tracing makes it more accessible).

Also please note that rtld already has debug mode that is exactly designed for debugging dynamic linking problems.

The fact that rtld returns string representation of the error instead of error codes like errno is mostly a mistake.

>
> > FWIW, it should use rtld_printf() instead of printf(),
> >but this is moot point.
>
> Accepted.
>
> On 2011-Dec-19 21:02:49 +0100, Clément Lecigne wrote:
> >Don't know but the ld_printerror != '\0' in the patch should be
> >*ld_printerror != '\0', no?
>
> Oops, my mistake. Yes, there is a missing '*'.
>
> --
> Peter Jeremy
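
The missing '*' raised in the quoted text, shown as an added example (not the patch from this thread, which is not reproduced in the message). The function names are hypothetical, and `ld_printerror` is assumed to hold the result of `getenv("LD_PRINT_ERROR")`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example: function names are hypothetical; ld_printerror is assumed
 * to be the pointer returned by getenv("LD_PRINT_ERROR"). */

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wpointer-compare"
/* Check with the '*' missing. '\0' is an integer constant with value 0,
 * i.e. a null pointer constant, so this compares the pointer itself with
 * NULL and never looks at the string contents. GCC and Clang report it
 * under -Wpointer-compare, silenced here so the demo builds cleanly. */
static int print_error_buggy(const char *ld_printerror)
{
    return ld_printerror != '\0';
}
#pragma GCC diagnostic pop

/* Corrected check: the knob is on only when the variable is set to a
 * non-empty string. */
static int print_error_fixed(const char *ld_printerror)
{
    return ld_printerror != NULL && *ld_printerror != '\0';
}

int main(void)
{
    /* Constructed inputs: what getenv() would return when the variable is
     * unset (NULL), set to the empty string, and set to "1". */
    const char *cases[] = { NULL, "", "1" };
    const char *names[] = { "(unset)", "(empty)", "\"1\"" };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-8s buggy=%d fixed=%d\n", names[i],
               print_error_buggy(cases[i]), print_error_fixed(cases[i]));
    return 0;
}
```

The two checks differ only for the set-but-empty case, where the version without the dereference treats the knob as enabled.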