svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...

Xin Li delphij at delphij.net
Thu Dec 29 20:15:33 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/29/11 11:42, Andrey Chernov wrote:
> On Thu, Dec 29, 2011 at 11:15:44AM -0800, Xin Li wrote:
>> Would you please elaborate how this would be less ugly (e.g. with
>> a patch)?
> 
> Why doing a patch if you apparently don't care? )

Ok now you don't have to do a patch.

I had asked because sometimes a patch would better describe what would
be done, especially for abstract concepts like ugliness of code.  As
Alfred recently posted in a different thread, you may have a great
idea in your mind but without the same background knowledge it's
sometimes hard for others to understand it.

> In few words, it less ugly because it 1) will be public API, 2)
> will restrict all possibe future dlopen() usage (f.e. someday tar,
> which used in some ftpds, can use dlopen() to load its formats
> etc.)
> 
>> We discussed a change like this but IIRC it was rejected because
>> the affected surface is too broad and we wanted to limit it to
>> just the implicit dlopen()s to avoid breaking legitimate
>> applications.
> 
> Instead of total disabling we can (by calling rtld function)
> restrict dlopen() in ftpd() to absolute path of know safe
> directories list like "/etc" "/lib" "/usr/lib" etc.

This just came back to the origin!!  These "safe" locations are never
necessarily be safe inside a chroot environment and the issue was
exactly loading a library underneath /lib/.

I just realized that someone have removed some details from my
advisory draft by the way.  To clarify: the chroot issue is not about
the usual usage of chroot, but the fact that many chroot setups are
not safe (e.g. "recommended" practice is to create a user writable
directory under the chroot root with everything else read-only).

Cheers,
- -- 
Xin LI <delphij at delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk78ymMACgkQOfuToMruuMDKhgCffQHNVz8y3IhnXp18m6OW7/LZ
FrMAn0SgW++iSd7d8LsAql/1y1tX8MjV
=zzYY
-----END PGP SIGNATURE-----

More information about the freebsd-security mailing list