svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...

Xin LI delphij at gmail.com
Sun Jan 15 10:44:37 UTC 2012


On Sat, Jan 14, 2012 at 6:15 PM, Andrey Chernov <ache at freebsd.org> wrote:
> On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
>> chroot(2) can create legitimate and secure environment where dlopen(2)
>> is safe and necessary.
>
> It seems it is internal contradiction in your argumentation:
> 1) You state that chroot(2) can create legitimate environment.
> 2) For ftpd's you disable .so loading in any case, i.e. even for
> legitimate environment too and you want to do so intentionally refusing
> passing responsibility to chroot(2) environment creator.
>
> In that situation the only suggestion of something like public interface
> is setting enviroment variable like "LD_SO_DISABLE" which prevents .so
> loading in libc.
>
> This is more clear than your stopgap.
>
> And please don't say that enviroment variable can be overwritten by the
> user inside ftpd itself, it is not so. And for case when some ftpd allows
> to call _any_ external program, it could do anything, like with your
> stopgap too.

Why you need anything if the program needs to run something inside the
chroot, which means one already have set up a full chroot environment?

Cheers,
-- 
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die


More information about the svn-src-head mailing list