From: Andrey Chernov
To: Xin LI
Cc: src-committers@FreeBSD.ORG, John Baldwin, svn-src-all@FreeBSD.ORG, svn-src-head@FreeBSD.ORG, Colin Percival, Kostik Belousov, Alexander Kabaev
Date: Sun, 15 Jan 2012 06:15:06 +0400
Message-ID: <20120115021505.GA88927@vniz.net>
Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...

On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
> chroot(2) can create legitimate and secure environment where dlopen(2)
> is safe and necessary.

It seems there is an internal contradiction in your argumentation:

1) You state that chroot(2) can create a legitimate environment.
2) For ftpd's you disable .so loading in any case, i.e. even for a legitimate environment too, and you want to do so intentionally refusing to pass responsibility to the chroot(2) environment creator.

In that situation the only suggestion of something like a public interface is setting an environment variable like "LD_SO_DISABLE" which prevents .so loading in libc. This is more clear than your stopgap.

And please don't say that the environment variable can be overwritten by the user inside ftpd itself, it is not so. And for the case when some ftpd allows calling _any_ external program, it could do anything, like with your stopgap too.

-- 
http://ache.vniz.net/