Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 15 May 2017 22:30:22 +0000
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        rgrimes@freebsd.org
Cc:        Nikolai Lifanov <lifanov@freebsd.org>, Konstantin Belousov <kib@freebsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID:  <20170515223022.GA91860@FreeBSD.org>
In-Reply-To: <201705152000.v4FK0meq054533@pdx.rh.CN85.dnsmgr.net>
References:  <20170515192326.GB28684@FreeBSD.org> <201705152000.v4FK0meq054533@pdx.rh.CN85.dnsmgr.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 15, 2017 at 01:00:48PM -0700, Rodney W. Grimes wrote:
> > On Mon, May 15, 2017 at 03:09:33PM -0400, Nikolai Lifanov wrote:
> > > On 05/15/2017 14:52, Alexey Dokuchaev wrote:
> > ...
> > Because /bin/chmod is owned by root, not because /libexec/ld-elf.so.1 is
> > limiting execution to root only, or is it (I might have missed uid check
> > in that patch [1], but at a quick glance I didn't see it).
> > 
> > On a living system, there are plenty of other ways to restore missing
> > +x on /bin/chmod as long as you can call chmod(2), from simple Python
> > script down to manually crafting small binary in hex.
> 
> Simple tool to get out of this is use of install(8) to "install" your
> broken chmod to another file with proper modes.  And if you lost that
> one you could use mtree(8) with a easily crafted input file.

Right.  Like I've said, there are plenty of ways.  In the mean time...

While we've been somewhat calmed by r313967, which had secured us from
consequences of running binaries from filesystems mounted with -o noexec,
few questions had remained unanswered so far:

  - Would doing chmod -x /libexec/ld-elf.so.1 break anything from now on?
  - Does it make sense to implement something like [1]?
  - Could original "MFC after: 2 weeks" be extended a bit to give more
    time to gather enough feedback?  I don't see the need for the rush.

./danfe

> > [1] Idea for security.bsd.ld_elf_exec_root_only sysctl(8)?



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170515223022.GA91860>