Date: Mon, 29 Jul 2013 10:12:54 +0200
From: Mateusz Guzik
To: Julian Elischer
Cc: Gennady Proskurin, freebsd-current@freebsd.org, markj@freebsd.org
Subject: Re: ldd runs linux programs

On Mon, Jul 29, 2013 at 10:33:53AM +0800, Julian Elischer wrote:
> On 7/29/13 4:49 AM, Mateusz Guzik wrote:
> >On Sun, Jul 28, 2013 at 11:31:10PM +0400, Gennady Proskurin wrote:
> >>Hello.
> >>When a linux binary is passed to FreeBSD's ldd as an argument, this binary is executed.
> >>I'm sure this is a bug :)
> >>(with security involved)
> >>
> >I have a patch for this, but never got around to committing it.
> >
> >http://people.freebsd.org/~mjg/patches/ldd-non-freebsd-ignore.diff
> >
> >If someone wants, go ahead and steal it.
> >
> For those of us that are not ldd experts, why does this happen,
> what's the history and
> what happens on Linux?
> I vaguely remember that linux may somehow execute something in this
> case but my memory is very vague on the topic.

right, sorry.

Short version is that both FreeBSD and Linux ldd set the LD_TRACE_LOADED_OBJECTS
environment variable and run the binary, expecting the runtime linker to act
accordingly. However, FreeBSD sets LD*32*_TRACE_LOADED_OBJECTS for 32-bit
binaries, thus the Linux linker just proceeds with execution.

Looks like we have several PRs related to this, notably
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/127276, and it looks like markj
(cc-ed) took another PR; someone should clean this up.

127276 suggests running the binary as is (which I don't like) and achieves
this in a hacky way. So if we really want to do this, the patch should be
reworked to detect Linux binaries properly.

In general we should gain linux_ldd (like linux_kdump) and our ldd should work
only on FreeBSD binaries. The last part is achieved with my patch.

markj, are you working on this?

-- 
Mateusz Guzik
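
Added example, not part of the original message and not the linked patch: one way an ldd-style tool could decide, before any exec, whether a file may be run with the trace variable set, by checking the ELF identification bytes and refusing everything not branded FreeBSD. The function name, the decision enum and the sample byte arrays are assumptions made for illustration; the sample headers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* e_ident[] offsets and values from the ELF specification. */
enum { ID_CLASS = 4, ID_VERSION = 6, ID_OSABI = 7, ID_LEN = 16 };
enum { CLASS32 = 1, CLASS64 = 2 };
enum { OSABI_SYSV = 0, OSABI_GNU_LINUX = 3, OSABI_FREEBSD = 9 };

typedef enum {
    TRACE_REFUSE = 0, /* do not exec: the loader may ignore the trace variable */
    TRACE_NATIVE,     /* exec with LD_TRACE_LOADED_OBJECTS set */
    TRACE_COMPAT32    /* exec with the 32-bit variant of the variable set */
} trace_decision;

/* Hypothetical helper: classify a file by its first bytes only. Fail closed. */
trace_decision classify_for_trace(const unsigned char *buf, size_t len,
                                  int host_is_64bit)
{
    if (buf == NULL || len < ID_LEN)
        return TRACE_REFUSE;                 /* truncated or unreadable */
    if (memcmp(buf, "\177ELF", 4) != 0)
        return TRACE_REFUSE;                 /* scripts, other formats */
    if (buf[ID_VERSION] != 1 || buf[ID_OSABI] != OSABI_FREEBSD)
        return TRACE_REFUSE;                 /* Linux files use 0 or 3 here */
    switch (buf[ID_CLASS]) {
    case CLASS64: return host_is_64bit ? TRACE_NATIVE : TRACE_REFUSE;
    case CLASS32: return host_is_64bit ? TRACE_COMPAT32 : TRACE_NATIVE;
    default:      return TRACE_REFUSE;
    }
}

/* Constructed sample identification blocks (not taken from real files). */
static const unsigned char sample_freebsd64[16] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 9 };
static const unsigned char sample_freebsd32[16] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 9 };
static const unsigned char sample_linux32[16]   = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0 };
static const unsigned char sample_gnu64[16]     = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 3 };
static const unsigned char sample_script[16]    = "#!/bin/sh\n";

int main(void)
{
    const unsigned char *s[] = { sample_freebsd64, sample_freebsd32,
                                 sample_linux32, sample_gnu64, sample_script };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("sample %zu -> decision %d\n", i, classify_for_trace(s[i], 16, 1));
    return 0;
}
```

The check is deliberately conservative: a file that carries its FreeBSD branding somewhere other than the EI_OSABI byte is refused rather than executed.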