On Thu, Aug 08, 2013 at 09:24:16PM +0200, Yann Droneaud wrote:
> Hi,
>
> On Tuesday 21 May 2013 at 14:57 -0600, Jason Gunthorpe wrote:
> > On Mon, May 20, 2013 at 11:43:05PM +0200, Yann Droneaud wrote:
> > > libibverbs must refuse to load arbitrary shared objects.
> > >
> > > This patch checks the configuration directory and files for
> > > - being owned by root;
> > > - not being writable by others.
> >
> > I really don't like this. Is there some exploit against /etc/ now that
> > requires this sort of checking?
> >
>
> Loading shared objects as part of a setuid binary should be handled
> with extra care. Adding checks to the configuration loader is
> required so that only trusted shared objects get loaded.

Well, still, I'm not sure this is required. IBV_CONFIG_DIR is hardwired and not overridable (via environment, etc), so it is a simple installation error to have the wrong permissions for your environment on these files.

But lots of files need to have the correct permissions for setuid to be secure (the binary, the library itself, the libraries it dlopens, the directories that contain all of these things, etc) - not sure it makes any sense at all to single out the config files for special checking.

In any event, if these checks really are necessary they should be only done if running in a setuid context, and they almost certainly need to extend to the dlopen paths as well.

Jason
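
The check discussed in this thread (root-owned, not writable by others, enforced only in a setuid context), as an added example that is not code from the patch or from libibverbs. The function names `stat_is_trusted`, `running_setid` and `open_trusted` are hypothetical, and rejecting group-writable files is an assumption stricter than the patch description.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Root-owned and not writable by group or others. Rejecting group
 * write is an assumption here, stricter than the patch description. */
int stat_is_trusted(const struct stat *st)
{
    return st->st_uid == 0 && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Real and effective ids differ: the process runs setuid or setgid. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Open dir/name, checking both through descriptors so the object that
 * was checked is the one later read. Returns an fd, or -1 on refusal. */
int open_trusted(const char *dir, const char *name, int enforce)
{
    struct stat st;
    int fd, dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);

    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) < 0 || (enforce && !stat_is_trusted(&st))) {
        close(dfd);
        return -1;
    }
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd >= 0 && (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
                    (enforce && !stat_is_trusted(&st)))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Usage: ./check <config-dir> <file>; both are caller-supplied. */
    if (argc != 3)
        return 2;
    int fd = open_trusted(argv[1], argv[2], running_setid());
    printf("%s/%s: %s\n", argv[1], argv[2], fd >= 0 ? "accepted" : "refused");
    return fd < 0;
}
```

Only the immediate directory and the file are checked here; parent directories and the paths later handed to dlopen would need the same treatment, which is the gap the reply above points at.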
