Date: Thu, 29 Dec 2011 12:15:31 -0800 From: Xin Li <delphij@delphij.net> To: Andrey Chernov <ache@freebsd.org>, d@delphij.net, John Baldwin <jhb@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG> Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... Message-ID: <4EFCCA63.5070409@delphij.net> In-Reply-To: <20111229194229.GA49908@vniz.net> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <4EF6444F.6090708@FreeBSD.org> <CAGMYy3uzLXMvw40q1hM9dnHGxxh%2BeO_8Y1nbNKsPSB_Aenmm7w@mail.gmail.com> <201112290939.53665.jhb@freebsd.org> <4EFCB0C9.6090608@delphij.net> <20111229183606.GA48785@vniz.net> <4EFCBC60.3080607@delphij.net> <20111229194229.GA49908@vniz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/29/11 11:42, Andrey Chernov wrote: > On Thu, Dec 29, 2011 at 11:15:44AM -0800, Xin Li wrote: >> Would you please elaborate how this would be less ugly (e.g. with >> a patch)? > > Why doing a patch if you apparently don't care? ) Ok now you don't have to do a patch. I had asked because sometimes a patch would better describe what would be done, especially for abstract concepts like ugliness of code. As Alfred recently posted in a different thread, you may have a great idea in your mind but without the same background knowledge it's sometimes hard for others to understand it. > In few words, it less ugly because it 1) will be public API, 2) > will restrict all possibe future dlopen() usage (f.e. someday tar, > which used in some ftpds, can use dlopen() to load its formats > etc.) > >> We discussed a change like this but IIRC it was rejected because >> the affected surface is too broad and we wanted to limit it to >> just the implicit dlopen()s to avoid breaking legitimate >> applications. > > Instead of total disabling we can (by calling rtld function) > restrict dlopen() in ftpd() to absolute path of know safe > directories list like "/etc" "/lib" "/usr/lib" etc. This just came back to the origin!! These "safe" locations are never necessarily be safe inside a chroot environment and the issue was exactly loading a library underneath /lib/. I just realized that someone have removed some details from my advisory draft by the way. To clarify: the chroot issue is not about the usual usage of chroot, but the fact that many chroot setups are not safe (e.g. "recommended" practice is to create a user writable directory under the chroot root with everything else read-only). Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk78ymMACgkQOfuToMruuMDKhgCffQHNVz8y3IhnXp18m6OW7/LZ FrMAn0SgW++iSd7d8LsAql/1y1tX8MjV =zzYY -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EFCCA63.5070409>