Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <da7baff3-ca15-4883-9e71-6aaa3bd2f20b@email.android.com>
Date: Wed, 15 Jan 2014 19:52:19 +0800
From: orc <orc@...server.ru>
To: musl@...ts.openwall.com
Subject: Re: install.sh is wrong with libc.so

Christian Wiese <chris@...nsde.net> пишет:
>Hi,
>
>On Wed, 15 Jan 2014 16:42:08 +0800
>orc <orc@...server.ru> wrote:
>
>> In case of executable files (which libc.so is), install.sh is wrong
>> and dangerous.
>Just for curiosity, what do you mean in particular to be "dangerous"?

Dangerous in case after performing installation, dynamic linked system becomes unusable: no logins are accepted, no shell can be spawned, even self-boot with init= kernel command line will give you nothing but a kernel panic.
(Of course I should have a static linked busybox, but I even did not expected such a change will occur since 0.9.12)

>> 
>> The sequence of commands of install.sh from 0.9.15:
>> 
>> umask 077
>> cat < lib/libc.so > /lib/libc.so.tmp.pid # /lib/libc.so.tmp.pid is
>> created with mode 600
>> mv -f /lib/libc.so.tmp.pid /lib/libc.so
>> chmod 755 /lib/libc.so # failed with "Permission denied"
>
>I just checked the build logs on my own musl based builds that are
>installing things into a dedicated "sysroot directory" for that build,
>and the install just works fine.
>I think what you are doing is calling 'make install' as a non-root
>user which will obviously fail.
>What I do not really get is why a normal user should be able to install
>a '/lib/lbc.so' anyway. That somehow feels more dangerous to me, but
>maybe I do not get the whole picture here, as you just provided some
>snippets and you are not telling us how your build process actually
>looks like.
>
>I think the info about how you are building would be quite helpful.

I did installation as root user. I also do not run restrictive/hardened kernels.
Sorry I lost log of installation, but after installing 0.9.15' libc.so "make install" refused to run with "Permission denied" error. Rest is simple: no command can be executed, login attempts refused, symptoms like "rm -fr /" was executed, only with "Permission denied".
Only boot from rescue flash drive with prepared initrd showed that /lib/libc.so was half-installed with mode 600.

>
>Cheers,
>Chris

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.