From: Andrey Chernov
Date: Thu, 29 Dec 2011 23:42:30 +0400
To: d@delphij.net
Cc: freebsd-security@FreeBSD.ORG, Doug Barton, John Baldwin
Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID: <20111229194229.GA49908@vniz.net>
In-Reply-To: <4EFCBC60.3080607@delphij.net>

On Thu, Dec 29, 2011 at 11:15:44AM -0800, Xin Li wrote:
> Would you please elaborate how this would be less ugly (e.g. with a
> patch)?

Why do a patch if you apparently don't care? )
In a few words, it is less ugly because it 1) will be a public API, 2) will restrict all possible future dlopen() usage (f.e. someday tar, which is used in some ftpds, can use dlopen() to load its formats etc.)

> We discussed a change like this but IIRC it was rejected because the
> affected surface is too broad and we wanted to limit it to just the
> implicit dlopen()s to avoid breaking legitimate applications.

Instead of totally disabling it we can (by calling an rtld function) restrict dlopen() in ftpd() to absolute paths from a list of known safe directories like "/etc" "/lib" "/usr/lib" etc.

-- 
http://ache.vniz.net/
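
An added example, not part of the original message and not FreeBSD's rtld code: one way the allowlist check proposed above could look in C. The function names are hypothetical, and the directory list is the one quoted in the message.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() */
#endif
#include <stdlib.h>
#include <string.h>

/* Directories named in the message; a real list would be set by policy. */
static const char *const safe_dirs[] = { "/etc", "/lib", "/usr/lib" };

/* Return 1 if `canon` (already canonical: no "..", no symlinks) names
 * something strictly below one of safe_dirs. The '/' boundary test keeps
 * "/libevil/x.so" from matching the "/lib" prefix. */
int path_under_safe_dir(const char *canon)
{
    size_t i, n;

    if (canon == NULL || canon[0] != '/')
        return 0;
    for (i = 0; i < sizeof(safe_dirs) / sizeof(safe_dirs[0]); i++) {
        n = strlen(safe_dirs[i]);
        if (strncmp(canon, safe_dirs[i], n) == 0 &&
            canon[n] == '/' && canon[n + 1] != '\0')
            return 1;
    }
    return 0;
}

/* Hypothetical helper: resolve `path` and return a malloc()ed canonical
 * name that may be handed to dlopen(), or NULL if the request is refused.
 * Relative names are refused so the loader's search path is never used. */
char *resolve_safe_library(const char *path)
{
    char *canon;

    if (path == NULL || path[0] != '/')
        return NULL;
    /* realpath() collapses "..", "." and symlinks. It resolves against the
     * process's current root directory, so the result is only as
     * trustworthy as that root. */
    canon = realpath(path, NULL);
    if (canon == NULL)
        return NULL;
    if (!path_under_safe_dir(canon)) {
        free(canon);
        return NULL;
    }
    return canon;   /* caller: dlopen(canon, mode); then free(canon) */
}
```

The file can still be replaced between the check and the later dlopen() call, so the listed directories must not be writable by untrusted users.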