From nobody Thu Jan 18 17:43:36 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TG98j61X0z56b3h
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Thu, 18 Jan 2024 17:43:49 +0000 (UTC)
	(envelope-from jrtc27@jrtc27.com)
Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TG98j4Mw9z47yg
	for <dev-commits-src-all@freebsd.org>; Thu, 18 Jan 2024 17:43:49 +0000 (UTC)
	(envelope-from jrtc27@jrtc27.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-337cf4eabc9so692092f8f.3
        for <dev-commits-src-all@freebsd.org>; Thu, 18 Jan 2024 09:43:49 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1705599828; x=1706204628;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=VFMZvVXjwALmOpUv4E5zZiTla8FRigIiIQnHqXhxKb4=;
        b=PMl23ZeS/6I0X2JjfoSe9qoxI93NzksiWc4MgPF9cyq2qQRMkRmtJORtoIe72eQY2i
         JmJ3DKbrnM52evsefFnU8dGQ2KWZaSb54hfzJKN75kkvuO0VswLYnAflmsx3algSn8TN
         SEU1UfTgb5cLMTcBMWqs8SGVvr0zkJw2WHZ3BBWr5YYtbqD6lIv8/FJwIiZ7Lak2M+0Q
         Z7mWSOCQAZxQ6CqQNdelfblyEMQ+MN4wPkCA+bWH5wSP4O/U/s7E5woexllP9bXv6Nmt
         8PHlcY6YDzOOqPyl8j11Noqgx/GpWci8/sz2htm5Hvo9TP5j3xcd8PEuc/zfQ++yQ734
         JGQw==
X-Gm-Message-State: AOJu0YwgDfBg+VzQ+95fn7pznK+ojF2xRsZ/CkBqRHAMNwkYIP9EQrzu
	TVh0pD8DxsVJrIDqk+lLyq9huYzhOgu5Pj5ucmGDcQkaUYsAeeJd/sOsOIy2UdhuW/yLIDVHhLk
	7
X-Google-Smtp-Source: AGHT+IHhQUfGqmY86yZDdPUbw4/VuS5mF88uklz3SZYpXxZJmpbkcKDGlxPdRfrCEDS5ivLuM7YfGw==
X-Received: by 2002:adf:fa8a:0:b0:337:c80f:6e19 with SMTP id h10-20020adffa8a000000b00337c80f6e19mr604699wrr.69.1705599827272;
        Thu, 18 Jan 2024 09:43:47 -0800 (PST)
Received: from smtpclient.apple ([131.111.5.246])
        by smtp.gmail.com with ESMTPSA id y8-20020a5d4ac8000000b00337af95c1d2sm4540809wrs.14.2024.01.18.09.43.46
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 18 Jan 2024 09:43:46 -0800 (PST)
Content-Type: text/plain;
	charset=utf-8
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Subject: Re: git: 0990136ed175 - main - kerberos5: Mitigate the possibility of
 using an old libcrypto
From: Jessica Clarke <jrtc27@freebsd.org>
In-Reply-To: <kicsvwuaptgfe2y5krflx35smstai6siea4rl7ycyrqdkawrxt@rqobtpgi257u>
Date: Thu, 18 Jan 2024 17:43:36 +0000
Cc: Cy Schubert <cy@freebsd.org>,
 "src-committers@freebsd.org" <src-committers@freebsd.org>,
 "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>,
 "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <973524D3-FCB2-47E1-B04F-BB42E18550C5@freebsd.org>
References: <202401181523.40IFNvXI077592@gitrepo.freebsd.org>
 <D89E55DF-846D-44FA-9287-0FFED7B08C2C@freebsd.org>
 <kicsvwuaptgfe2y5krflx35smstai6siea4rl7ycyrqdkawrxt@rqobtpgi257u>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
X-Rspamd-Queue-Id: 4TG98j4Mw9z47yg
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]

On 18 Jan 2024, at 17:35, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>=20
> On Thu, Jan 18, 2024 at 05:29:47PM +0000, Jessica Clarke wrote:
>> On 18 Jan 2024, at 15:23, Cy Schubert <cy@FreeBSD.org> wrote:
>>>=20
>>> The branch main has been updated by cy:
>>>=20
>>> URL: =
https://cgit.FreeBSD.org/src/commit/?id=3D0990136ed1753ac7837206f9c5f4b83c=
cff6c405
>>>=20
>>> commit 0990136ed1753ac7837206f9c5f4b83ccff6c405
>>> Author:     Cy Schubert <cy@FreeBSD.org>
>>> AuthorDate: 2024-01-18 08:22:20 +0000
>>> Commit:     Cy Schubert <cy@FreeBSD.org>
>>> CommitDate: 2024-01-18 15:12:14 +0000
>>>=20
>>>   kerberos5: Mitigate the possibility of using an old libcrypto
>>>=20
>>>   By using the full library name (libcrypto.so.30) we avoid the =
exposure
>>>   of using an old, possibly vulnerable, library.
>>>=20
>>>   Reported by:            jrtc27
>>>   MFC after:              3 days
>>>   X-MFC with:             476d63e091c2
>>>   Fixes:                  476d63e091c2
>>> ---
>>> kerberos5/lib/libroken/fbsd_ossl_provider_load.c | 3 ++-
>>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>>=20
>>> diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c =
b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
>>> index 497b32124f96..2328041bc166 100644
>>> --- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
>>> +++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
>>> @@ -5,6 +5,7 @@
>>> #include <openssl/provider.h>
>>>=20
>>> #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >=3D 3)
>>> +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
>>=20
>> This still assumes the native ABI is in use, i.e. doesn=E2=80=99t =
account for
>> libcompat. Can we please just drop the directory, or if it=E2=80=99s =
really
>> needed for some reason at least handle the libcompat case?
>=20
> Using relative paths might carry a potential security risk if the
> LD_LIBRARY_PATH environment variable is set to an attacker-controlled
> directory.

That=E2=80=99s true for direct linking too, yet we don=E2=80=99t =
hard-code everything
everywhere there. What=E2=80=99s special about dlopen?

Jess