Date:      Mon, 15 May 2017 22:29:44 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Bryan Drewery <bdrewery@FreeBSD.org>
Cc:        Alexey Dokuchaev <danfe@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID:  <20170515192944.GI1622@kib.kiev.ua>
In-Reply-To: <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org>
References:  <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <2493cfd2-1fab-d4cd-523c-0bd7413b1c86@FreeBSD.org>

On Mon, May 15, 2017 at 12:25:20PM -0700, Bryan Drewery wrote:
> On 5/15/2017 12:00 PM, Konstantin Belousov wrote:
> > On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
> >> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
> >>> New Revision: 318313
> >>> URL: https://svnweb.freebsd.org/changeset/base/318313
> >>>
> >>> Log:
> >>>   Make ld-elf.so.1 directly executable.
> >>
> >> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x
> >> /bin/chmod would now be possible on FreeBSD as well?
> > Yes.
> > 
> >> Does this have any security implications?
> > What do you mean ?
> > 
> 
> I think for 3rd-party distributions it may be a problem. At the very
> least it needs to be communicated clearly in release notes or UPDATING.
> 
> Consider a downstream vendor who has support for signed binary
> executions.  If rtld allows a backdoor around exec(2) to run an unsigned
> binary, that could be a problem for them.  It is on them to add support
> to exec(2) to validate the special case of execing rtld with an
> argument, or to just disable the feature in rtld from this commit.

Note the undocumented O_VERIFY flag in open(2) from the patch.
This is a very vendor-ish addition to request veriexec (?).
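
An added example, not part of this thread or of the FreeBSD commit: a triage pass over exec records that singles out direct runs of the runtime linker and checks whether the program it was asked to load is on a verified list, which is the special case the quoted message says a signed-exec vendor has to cover. The record layout, the `VERIFIED` set and all function names are assumptions made up for the illustration.

```python
import posixpath
import shlex

# ld-elf.so.1 is named in the commit log, ld-linux.so.2 in the thread's question.
RTLD_NAMES = {"ld-elf.so.1", "ld-linux.so.2"}

# Constructed sample records; the key=value layout is hypothetical.
SAMPLE_LOG = """\
pid=101 cwd=/root path=/bin/ls argv="ls -l"
pid=102 cwd=/root path=/libexec/ld-elf.so.1 argv="/libexec/ld-elf.so.1 /bin/chmod +x /bin/chmod"
pid=103 cwd=/tmp path=/libexec/ld-elf.so.1 argv="/libexec/ld-elf.so.1 ./tool /bin/ls"
pid=104 cwd=/ path=/libexec/ld-elf.so.1 argv="/libexec/ld-elf.so.1"
"""
# Constructed stand-in for the set of binaries a signed-exec policy has verified.
VERIFIED = {"/bin/ls", "/bin/chmod"}

def parse_record(line):
    """Split one 'key=value' record; argv is a quoted, space-separated string."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    fields["argv"] = shlex.split(fields["argv"])
    return fields

def classify(rec, verified):
    """Return (verdict, target) for one exec record."""
    if posixpath.basename(rec["path"]) not in RTLD_NAMES:
        return "normal", None
    # Assumption: the first argument not starting with '-' is the program to load.
    # rtld's option syntax is not modelled; an option value fails closed as unverified.
    operands = [a for a in rec["argv"][1:] if not a.startswith("-")]
    if not operands:
        return "rtld-no-target", None
    target = posixpath.normpath(posixpath.join(rec["cwd"], operands[0]))
    verdict = "rtld-verified-target" if target in verified else "rtld-unverified-target"
    return verdict, target

def triage(log, verified):
    """Map pid -> (verdict, target) for every non-empty line of the log."""
    out = {}
    for line in log.splitlines():
        if line.strip():
            rec = parse_record(line)
            out[rec["pid"]] = classify(rec, verified)
    return out

if __name__ == "__main__":
    for pid, (verdict, target) in triage(SAMPLE_LOG, VERIFIED).items():
        print(pid, verdict, target or "-")
```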


