svn commit: r228843 - head/contrib/telnet/libtelnet
head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include
jhb at freebsd.org
Thu Dec 29 19:00:45 UTC 2011
On Thursday, December 29, 2011 1:44:01 pm Xin Li wrote:
> On 12/29/11 10:43, John Baldwin wrote:
> > On Thursday, December 29, 2011 1:26:17 pm Xin Li wrote:
> >> On 12/29/11 06:39, John Baldwin wrote:
> >>> Can you give some more details on why ftpd is triggering a
> >>> dlopen inside of the chroot? It would appear that that is
> >>> unrelated to helper programs (since setting a flag in libc in
> >>> ftpd can't possibly affect helper programs ability to use
> >>> dlopen() from within libc).
> >> Sure. That's because nsdispatch(3) would reload
> >> /etc/nsswitch.conf if it notices a change. After chroot() the
> >> file is considered as "chang"ed and thus it reloads the file as
> >> well as designated shared libraries.
> > But ftpd has to be doing some operation that invokes an nss lookup
> > after entering the chroot for that to trigger, correct?
> Oh ok, that was the built-in ls(1).
Were we not able to drop privilege before doing that? I.e. if you
forked a new process that dropped privilege before doing the ls
(similar to if you were to exec /bin/ls as a helper), would that not
have fixed this?
More information about the freebsd-security