Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Jan 2012 02:44:35 -0800
From:      Xin LI <delphij@gmail.com>
To:        Andrey Chernov <ache@freebsd.org>, Xin LI <delphij@gmail.com>,  Kostik Belousov <kostikbel@gmail.com>, Alexander Kabaev <kabaev@gmail.com>, John Baldwin <jhb@freebsd.org>,  Colin Percival <cperciva@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID:  <CAGMYy3uLcak-aQ9oPVRB%2BOARVtj_faXQL-txttAxhgqq2m6Yvw@mail.gmail.com>
In-Reply-To: <20120115021505.GA88927@vniz.net>
References:  <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> <20111223120644.75fe944d@kan.dyndns.org> <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> <20111224100509.GA98136@vniz.net> <CAGMYy3s4YM-j165o9p%2BEDgMf0%2BaJq7gKj5yR=LK8_yfECnbtog@mail.gmail.com> <20120115021505.GA88927@vniz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 14, 2012 at 6:15 PM, Andrey Chernov <ache@freebsd.org> wrote:
> On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
>> chroot(2) can create legitimate and secure environment where dlopen(2)
>> is safe and necessary.
>
> It seems it is internal contradiction in your argumentation:
> 1) You state that chroot(2) can create legitimate environment.
> 2) For ftpd's you disable .so loading in any case, i.e. even for
> legitimate environment too and you want to do so intentionally refusing
> passing responsibility to chroot(2) environment creator.
>
> In that situation the only suggestion of something like public interface
> is setting enviroment variable like "LD_SO_DISABLE" which prevents .so
> loading in libc.
>
> This is more clear than your stopgap.
>
> And please don't say that enviroment variable can be overwritten by the
> user inside ftpd itself, it is not so. And for case when some ftpd allows
> to call _any_ external program, it could do anything, like with your
> stopgap too.

Why you need anything if the program needs to run something inside the
chroot, which means one already have set up a full chroot environment?

Cheers,
-- 
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3uLcak-aQ9oPVRB%2BOARVtj_faXQL-txttAxhgqq2m6Yvw>