svn commit: r318313 - head/libexec/rtld-elf

Alexey Dokuchaev danfe at FreeBSD.org
Mon May 15 22:30:23 UTC 2017


On Mon, May 15, 2017 at 01:00:48PM -0700, Rodney W. Grimes wrote:
> > On Mon, May 15, 2017 at 03:09:33PM -0400, Nikolai Lifanov wrote:
> > > On 05/15/2017 14:52, Alexey Dokuchaev wrote:
> > ...
> > Because /bin/chmod is owned by root, not because /libexec/ld-elf.so.1 is
> > limiting execution to root only, or is it (I might have missed uid check
> > in that patch [1], but at a quick glance I didn't see it).
> > 
> > On a living system, there are plenty of other ways to restore missing
> > +x on /bin/chmod as long as you can call chmod(2), from simple Python
> > script down to manually crafting small binary in hex.
> 
> Simple tool to get out of this is use of install(8) to "install" your
> broken chmod to another file with proper modes.  And if you lost that
> one you could use mtree(8) with an easily crafted input file.

Right.  Like I've said, there are plenty of ways.  In the meantime...

While we've been somewhat calmed by r313967, which had secured us from
consequences of running binaries from filesystems mounted with -o noexec,
a few questions have remained unanswered so far:

  - Would doing chmod -x /libexec/ld-elf.so.1 break anything from now on?
  - Does it make sense to implement something like [1]?
  - Could the original "MFC after: 2 weeks" be extended a bit to give more
    time to gather enough feedback?  I don't see the need for the rush.

./danfe

> > [1] Idea for security.bsd.ld_elf_exec_root_only sysctl(8)?

