From: "Simon J. Gerraty"
To: Konstantin Belousov
CC: Bryan Drewery, Alexey Dokuchaev
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
Date: Mon, 15 May 2017 17:24:56 -0700
List-Id: SVN commit messages for the src tree for head/-current

Konstantin Belousov wrote:
> > Consider a downstream vendor who has support for signed binary
> > executions. If rtld allows a backdoor around exec(2) to run an unsigned
> > binary, that could be a problem for them. It is on them to add support
> > to exec(2) to validate the special case of execing rtld with an
> > argument, or to just disable the feature in rtld from this commit.
>
> Note the undocumented O_VERIFY flag in open(2) from the patch.
> This is very vendor-ish addition to request veriexec (?).

Yep, we make rtld use O_VERIFY so that it will not load/link anything
which is unsigned.