Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPLrYESPGdX7gLQ8BuHaZs74m+ihestzq7EeLPfoNUcJy25zFw@mail.gmail.com>
Date: Fri, 28 Mar 2014 17:34:29 +0100
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: musl@...ts.openwall.com
Subject: Re: be able to break inheritance of LD_LIBRARY_PATH

2014-03-28 11:42 GMT+01:00 <u-igbb@...ey.se>:

>
> A naïve implementation might look as follows:
>
> --- src/ldso/dynlink.c.ori      2014-03-28 10:37:34.821317811 +0100
> +++ src/ldso/dynlink.c  2014-03-28 11:21:16.828047766 +0100
> @@ -962,6 +962,7 @@
>         size_t vdso_base;
>         size_t *auxv;
>         char **envp = argv+argc+1;
> +       int forget_ld_library_path = 0;
>
>         /* Find aux vector just past environ[] */
>         for (i=argc+1; argv[i]; i++)
> @@ -969,8 +970,19 @@
>                         env_path = argv[i]+16;
>                 else if (!memcmp(argv[i], "LD_PRELOAD=", 11))
>                         env_preload = argv[i]+11;
> +               else if (!memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", 23))
> +                       forget_ld_library_path = 1;
>         auxv = (void *)(argv+i+1);
>
> +       /* one _may_ wish to break the inheritance of LD_LIBRARY_PATH,
> +        * the hack below only works if the corresponding memory is writable
> +        * -- rl */
> +       if (forget_ld_library_path)
> +               for (i=argc+1; argv[i]; i++)
> +                       if (!memcmp(argv[i], "LD_LIBRARY_PATH=", 16) ||
> +                           !memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", 23))
> +                               argv[i][0] = 'X';
> +
>         decode_vec(auxv, aux, AUX_CNT);
>
>         /* Only trust user/env if kernel says we're not suid/sgid */
>
>
> What do you think about this? Can this or something better be done?
> I would love to be able to go with musl.

Hi Rune,
I don't understand why you expect that users wants this functionality.
Is this raises the risk for SUID/SGID?

/* Only trust user/env if kernel says we're not suid/sgid */
if ((aux[0]&0x7800)!=0x7800 || aux[AT_UID]!=aux[AT_EUID]
 || aux[AT_GID]!=aux[AT_EGID] || aux[AT_SECURE]) {
env_path = 0;
env_preload = 0;
libc.secure = 1;
}

but where is hardering for forget_ld_library_path?

Daniel

>
> Regards,
> Rune
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.