svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet
head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include
head/lib/libc/net head/libexec...
Xin Li
delphij at delphij.net
Thu Dec 29 19:15:45 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/29/11 10:36, Andrey Chernov wrote:
> On Thu, Dec 29, 2011 at 10:26:17AM -0800, Xin Li wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 12/29/11 06:39, John Baldwin wrote:
>>> Can you give some more details on why ftpd is triggering a
>>> dlopen inside of the chroot? It would appear that that is
>>> unrelated to helper programs (since setting a flag in libc in
>>> ftpd can't possibly affect helper programs ability to use
>>> dlopen() from within libc).
>>
>> Sure. That's because nsdispatch(3) would reload
>> /etc/nsswitch.conf if it notices a change. After chroot() the
>> file is considered as "chang"ed and thus it reloads the file as
>> well as designated shared libraries.
>
> Another proposal more close to @secteam version, but less ugly: to
> have public API rtld function (or env variable) which prevents
> _any_ dlopen(), not guarded currently by libc only.
Would you please elaborate how this would be less ugly (e.g. with a
patch)?
> That way only rtld and ftpd's needs to be rebuilded, but not libc
> itself.
We discussed a change like this but IIRC it was rejected because the
affected surface is too broad and we wanted to limit it to just the
implicit dlopen()s to avoid breaking legitimate applications.
Cheers,
- --
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk78vGAACgkQOfuToMruuMA6RwCfWP6Lqq6P4vcmL9MbsOI+uV9R
wEQAnRyKe6vGvEdnuDPbBkP5kKdvLC8Q
=jwOs
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list