Date:      Mon, 2 Nov 2020 22:41:38 +0100
From:      Stefan Esser <se@freebsd.org>
To:        Oliver Pinter <oliver.pntr@gmail.com>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org
Subject:   Re: svn commit: r367280 - head/lib/libc/gen
Message-ID:  <338fdfbb-6fad-0e44-5df6-b5a1c38d3e4f@freebsd.org>
In-Reply-To: <CAPjTQNGoy_+Nc=VvbC=9oNOf_FG4oM0XNaHv+q5oDsvpngSUOQ@mail.gmail.com>
References:  <202011021848.0A2Im7Kx098921@repo.freebsd.org> <CAPjTQNGoy_+Nc=VvbC=9oNOf_FG4oM0XNaHv+q5oDsvpngSUOQ@mail.gmail.com>

On 02.11.20 at 20:20, Oliver Pinter wrote:
> On Monday, November 2, 2020, Stefan Eßer <se@freebsd.org
> <mailto:se@freebsd.org>> wrote:
> 
>     Author: se
>     Date: Mon Nov  2 18:48:06 2020
>     New Revision: 367280
>     URL: https://svnweb.freebsd.org/changeset/base/367280
>     <https://svnweb.freebsd.org/changeset/base/367280>
> 
>     Log:
>       Re-arrange some of the code to separate writable user tree
>     variables from
>       R/O variables.
> 
>       While here fix some nearby style. No functional change intended.
> 
>       MFC after:    1 month
> 
> 
> Is there any phabricator reference for this / these commit(s) + reviewer
> lists?

The previous commit that has been refined in this one has been
discussed in D27009.

I had added the new R/W sysctl variable to a switch statement that
contained one R/O string value, and excluded the OID from causing
an error return when a new value had been passed.

This was functionally OK, but I have decided to move handling of
the new writable variable to before the check for a write attempt
and thus need to test specifically for its OID.

This sysctl variable is referenced in Scott Long's proposed
getlocalbase() function (D27022), but also in the change to make
it define default paths in /etc/defaults/rc.conf (D27014).

I do not support making LOCALBASE dynamic for a broad range of
programs, since this could lead to severe security issues (e.g.
when a program is restricted by policy settings in LOCALBASE/etc and
a user-defined LOCALBASE could be used to circumvent them).

There are already programs that respect a LOCALBASE environment
variable, e.g. the pkg program, to allow it to e.g. operate with
a DESTDIR prefix other than "/". This is a program that could
instead use getlocalbase(), IMHO.

But for security reasons all files that determine policies and
exist in LOCALBASE since they are not distributed as part of the
base system, should be located in a secure way, and that is by
referring to a compiled in trusted path, IMHO.

Even if the sysctl variable "user.localbase" can only be written to
by root, the use of getlocalbase() provided by a shared library could
allow an LD_PRELOAD attack (providing a getlocalbase() that
leads to a user provided policy file instead of the admin controlled
one).

Regards, Stefan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?338fdfbb-6fad-0e44-5df6-b5a1c38d3e4f>