Date:      Mon, 15 May 2017 12:32:02 -0700
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        Alexey Dokuchaev <danfe@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID:  <0b218455-d104-04be-d133-285f81d93456@FreeBSD.org>
In-Reply-To: <20170515192944.GI1622@kib.kiev.ua>
References:  <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org> <20170515192944.GI1622@kib.kiev.ua>

On 5/15/2017 12:29 PM, Konstantin Belousov wrote:
> On Mon, May 15, 2017 at 12:25:20PM -0700, Bryan Drewery wrote:
>> On 5/15/2017 12:00 PM, Konstantin Belousov wrote:
>>> On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
>>>> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
>>>>> New Revision: 318313
>>>>> URL: https://svnweb.freebsd.org/changeset/base/318313
>>>>>
>>>>> Log:
>>>>>   Make ld-elf.so.1 directly executable.
>>>>
>>>> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x
>>>> /bin/chmod would now be possible on FreeBSD as well?
>>> Yes.
>>>
>>>> Does this have any security implications?
>>> What do you mean?
>>>
>>
>> I think for 3rd-party distributions it may be a problem. At the very
>> least it needs to be communicated clearly in release notes or UPDATING.
>>
>> Consider a downstream vendor who has support for signed binary
>> executions.  If rtld allows a backdoor around exec(2) to run an unsigned
>> binary, that could be a problem for them.  It is on them to add support
>> to exec(2) to validate the special case of execing rtld with an
>> argument, or to just disable the feature in rtld from this commit.
>
> Note the undocumented O_VERIFY flag in open(2) from the patch.
> This is a very vendor-ish addition to request veriexec (?).
>

Ah nice.

-- 
Regards,
Bryan Drewery
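
An added example, not part of the message above and not FreeBSD code: a user-space model of the check the thread describes, where a signed-execution policy treats "rtld executed with a program argument" as an exec of that program. The linker path, the `VERIFIED` set and the requests are constructed assumptions, and the model does not interpret rtld options; it denies them.

```python
import os

# Assumption: where the runtime linker is installed on the system being policed.
RTLD_PATHS = {"/libexec/ld-elf.so.1"}

def effective_target(path, argv):
    """Return (target, reason) for the file whose code will actually run.

    target is None when it cannot be determined, so the caller fails closed.
    """
    if os.path.normpath(path) not in RTLD_PATHS:
        return os.path.normpath(path), "ordinary exec"
    args = argv[1:]
    if not args:
        return None, "rtld executed without a program argument"
    if args[0].startswith("-"):
        # This model does not interpret rtld options; refuse rather than guess.
        return None, "rtld option not understood by policy"
    return os.path.normpath(args[0]), "direct rtld execution"

def decide(path, argv, verified):
    """Allow only if the exec'd file and the effective target are both verified."""
    if os.path.normpath(path) not in verified:
        return "deny", f"{path} is not verified"
    target, reason = effective_target(path, argv)
    if target is None:
        return "deny", reason
    if target not in verified:
        return "deny", f"{reason}: {target} is not verified"
    return "allow", reason

# Constructed sample data: files with a valid signature, and exec requests.
VERIFIED = {"/libexec/ld-elf.so.1", "/bin/ls", "/bin/chmod"}
REQUESTS = [
    ("/bin/ls", ["ls", "-l"]),
    ("/libexec/ld-elf.so.1", ["ld-elf.so.1", "/bin/chmod", "+x", "/bin/chmod"]),
    ("/libexec/ld-elf.so.1", ["ld-elf.so.1", "/tmp/unsigned"]),
    ("/tmp/unsigned", ["unsigned"]),
]

def run_samples():
    return [decide(p, a, VERIFIED)[0] for p, a in REQUESTS]

if __name__ == "__main__":
    for (p, a), verdict in zip(REQUESTS, run_samples()):
        print(verdict, p, " ".join(a[1:]))
```

A policy that checks only the exec'd path would allow the third request, because the linker itself is verified.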