On 2020-06-23 14:17, Ian Jackson wrote: > > Aurelien Jarno writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks > with plain filename"): > > [stuff] > > Thanks for your explanations and sorry for being dense. > > > In secure-execution mode, preload pathnames containing slashes are > > ignored. Furthermore, shared objects are preloaded only from the > > standard search directories and only if they have set-user-ID mode bit > > enabled (which is not typical). > > Obviously it wouldn't be right for eatmydata to be loaded by actually > setuid programs. > > Ian Jackson writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks > with plain filename"): > > (As an aside, I'm not sure why it makes sense for apparmor to inhibit > > preloading. I thought apparmor was intended to restrict the > > applications you apply it to, not defend them against their callers.) > > So the overall effect is that programs with apparmor profiles are > mostly protected from the effects of LD_PRELOAD (and, I assume, > LD_LIBRARY_PATH and various other properties of the execution > environment).
Yes, and also GCONV_PATH, GETCONF_DIR, HOSTALIASES, LOCALDOMAIN, LOCPATH, MALLOC_TRACE, NIS_PATH, NLSPATH, RESOLV_HOST_CONF, RES_OPTIONS, TMPDIR, and TZDIR. > This doesn't seem correct to me. Is there any documentation giving a > rationale for this ? Is there a way to change this locally ? I do not know enough about apparmor and its threat model to know if it should be considered or not. From the glibc point of view, nothing can be really done, it just obeys the AT_SECURE flag passed by the kernel. Now looking at apparmor.d(5), it seems it *might* be controlled by the change_profile option with the safe and unsafe mode. But I don't speak apparmor fluently enough to actually know how to introduce that option in a profile. > (Other than creating /etc/suid-debug, which is dangerous.) Yes, this means that it becomes very easy to become root on a system with that file. Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net