Date: Mon, 15 May 2017 17:24:56 -0700
From: "Simon J. Gerraty" <sjg@juniper.net>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: Bryan Drewery <bdrewery@freebsd.org>, Alexey Dokuchaev <danfe@freebsd.org>, <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org>, <sjg@juniper.net>
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID: <34495.1494894296@kaos.jnpr.net>
In-Reply-To: <20170515192944.GI1622@kib.kiev.ua>
References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org> <20170515192944.GI1622@kib.kiev.ua>

Konstantin Belousov <kostikbel@gmail.com> wrote:
> > Consider a downstream vendor who has support for signed binary
> > executions. If rtld allows a backdoor around exec(2) to run an unsigned
> > binary, that could be a problem for them. It is on them to add support
> > to exec(2) to validate the special case of execing rtld with an
> > argument, or to just disable the feature in rtld from this commit.
>
> Note the undocumented O_VERIFY flag in open(2) from the patch.
> This is a very vendor-ish addition to request veriexec (?).

Yep, we make rtld use O_VERIFY so that it will not load/link anything
which is unsigned.