Date:      Thu, 29 Dec 2011 11:15:44 -0800
From:      Xin Li <delphij@delphij.net>
To:        Andrey Chernov <ache@freebsd.org>, d@delphij.net,  John Baldwin <jhb@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>
Subject:   Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID:  <4EFCBC60.3080607@delphij.net>
In-Reply-To: <20111229183606.GA48785@vniz.net>
References:  <201112231500.pBNF0c0O071712@svn.freebsd.org> <4EF6444F.6090708@FreeBSD.org> <CAGMYy3uzLXMvw40q1hM9dnHGxxh%2BeO_8Y1nbNKsPSB_Aenmm7w@mail.gmail.com> <201112290939.53665.jhb@freebsd.org> <4EFCB0C9.6090608@delphij.net> <20111229183606.GA48785@vniz.net>

On 12/29/11 10:36, Andrey Chernov wrote:
> On Thu, Dec 29, 2011 at 10:26:17AM -0800, Xin Li wrote:
>> On 12/29/11 06:39, John Baldwin wrote:
>>> Can you give some more details on why ftpd is triggering a
>>> dlopen inside of the chroot?  It would appear that that is
>>> unrelated to helper programs (since setting a flag in libc in
>>> ftpd can't possibly affect helper programs' ability to use
>>> dlopen() from within libc).
>> 
>> Sure.  That's because nsdispatch(3) would reload
>> /etc/nsswitch.conf if it notices a change.  After chroot() the
>> file is considered as "changed" and thus it reloads the file as
>> well as designated shared libraries.
> 
> Another proposal more close to @secteam version, but less ugly: to
> have public API rtld function (or env variable) which prevents
> _any_ dlopen(), not guarded currently by libc only.

Would you please elaborate how this would be less ugly (e.g. with a
patch)?

> That way only rtld and ftpd need to be rebuilt, but not libc
> itself.

We discussed a change like this but IIRC it was rejected because the
affected surface is too broad and we wanted to limit it to just the
implicit dlopen()s to avoid breaking legitimate applications.

Cheers,
-- 
Xin LI <delphij@delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
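
An added example, not part of the original message and not FreeBSD code: a shell audit for the condition described in the thread, where nsdispatch(3) re-reads /etc/nsswitch.conf and loads the designated shared libraries after chroot(). The function name `audit_chroot`, the `nss_<source>.so.<version>` module naming and the `MODULE_DIRS` list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD.
# Flags files under a chroot root that an nsdispatch(3) reload would read
# after chroot(2): etc/nsswitch.conf and the shared libraries it names.
# Assumptions: modules are named nss_<source>.so.<version>; the directory
# list in MODULE_DIRS is illustrative, adjust it to the system's library path.
MODULE_DIRS="lib usr/lib usr/local/lib"

# audit_chroot ROOT: print one finding per line; return 1 if any, else 0.
audit_chroot() {
    root=$1
    found=0
    conf="$root/etc/nsswitch.conf"
    if [ -e "$conf" ] || [ -L "$conf" ]; then
        echo "present: $conf"
        found=1
    fi
    for dir in $MODULE_DIRS; do
        for mod in "$root/$dir"/nss_*.so*; do
            # An unmatched glob stays literal, so test that the path exists.
            if [ -e "$mod" ] || [ -L "$mod" ]; then
                echo "present: $mod"
                found=1
            fi
        done
    done
    # Group- or world-writable directories let these files be created later.
    for dir in . etc $MODULE_DIRS; do
        d="$root/$dir"
        [ -d "$d" ] || continue
        if [ -n "$(find "$d" -maxdepth 0 \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "writable: $d"
            found=1
        fi
    done
    return $found
}

# Usage: sh audit_chroot.sh /path/to/chroot [...]
if [ $# -gt 0 ]; then
    status=0
    for r in "$@"; do
        audit_chroot "$r" || status=1
    done
    exit $status
fi
```

The check covers only mode bits and file presence; a chroot root owned by the logged-in user (the usual case for an FTP home directory) still needs an ownership review.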