svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
ache at FreeBSD.ORG
Thu Dec 29 20:35:23 UTC 2011
On Thu, Dec 29, 2011 at 12:15:31PM -0800, Xin Li wrote:
> > Instead of total disabling we can (by calling rtld function)
> > restrict dlopen() in ftpd() to absolute path of known safe
> > directories list like "/etc" "/lib" "/usr/lib" etc.
> This just came back to the origin!! These "safe" locations are never
> necessarily safe inside a chroot environment and the issue was
> exactly loading a library underneath /lib/.
> I just realized that someone has removed some details from my
> advisory draft by the way. To clarify: the chroot issue is not about
> the usual usage of chroot, but the fact that many chroot setups are
> not safe (e.g. "recommended" practice is to create a user writable
> directory under the chroot root with everything else read-only).
Insecure (non-root /lib) may happen by admin mistake, which is a very
different situation from loading a .so from the current (say /incoming/)
directory. We can't provide babysitting for every admin by our code, but
can by our documentation only (probably by repeating the same thing in
ftpd docs and chroot docs). And many admins don't need babysitting and
may take it as an unnecessary restriction.