On Fri, Apr 26, 2019 at 11:46:17PM -0600, Theo de Raadt wrote:

> Igor Podlesny <open...@poige.ru> wrote:
> 
> > On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <anth...@anjbe.name> wrote:
> > >
> > > You didn't check the manpage.
> > 
> > you didn't think it over.
> > https://www.mail-archive.com/misc@openbsd.org/msg167012.html
> 
> No, you didn't think it through at all.
> 
> You are expecting the malloc settings to provide security guarantees.
> They do not.  They detect corruption.  That is not the same as
> a security guarantee.
> 
> Then you wish to use this inside a chroot jail, and make it tighter.
> 
> Fine.
> 
> Next you argue but what if the program inside the jail adjusts
> its environment.  Well then all bets are off.  Why would that
> program modify its environment variable only, rather than just
> doing anything else it wants to do?
> 
> Why would it restrict itself to adjusting this specific environment
> variable only, and why would you consider that to impact security?
> 
> 
> The malloc configuration was moved to a sysctl to make it compatible
> with pledge+unveil.  It has tightened the security in many programs.
> 
> The change has weakened security in your configurations because
> you designed them wrong.

Additionally, in many cases using a symlink has unclear effects, since
it is hard to determine if the first malloc call (malloc inits itself
on first use) happens before or after the chroot call. I would argue
that in many cases people were thinking they had per-chroot settings,
while actually they had not.

        -Otto


> 
> Finally Igor you are being a jerk.  Cut it out.
> 
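The ordering problem Otto describes, shown as an added example that is not part of the thread and not OpenBSD's malloc code: it models the old mechanism, where malloc(3) read its option letters from the target of the /etc/malloc.conf symlink the first time it was called, and the later vm.malloc_conf sysctl is not modelled at all. Real chroot(2) needs root, so the "root" is a directory prefix and the switch to the jail is just a change of prefix; the tree under /tmp, the option letters "S" and "C", and the function names are all constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char cached_opts[64];  /* option letters captured at first use */
static int initialised;       /* malloc initialises itself exactly once */

/* Read the option letters from the symlink target of <root>/etc/malloc.conf.
 * A missing symlink means "default options", represented here as "". */
static void read_conf(const char *root, char *out, size_t outlen)
{
    char path[PATH_MAX];
    ssize_t n;

    snprintf(path, sizeof path, "%s/etc/malloc.conf", root);
    n = readlink(path, out, outlen - 1);
    if (n < 0)
        n = 0;
    out[n] = '\0';
}

/* First-use initialisation: whichever root is current at the first call
 * wins, and every later call returns the same cached settings. */
static const char *lazy_init(const char *current_root)
{
    if (!initialised) {
        read_conf(current_root, cached_opts, sizeof cached_opts);
        initialised = 1;
    }
    return cached_opts;
}

/* Constructed tree: <base>/etc/malloc.conf -> "S" (outer system) and
 * <base>/jail/etc/malloc.conf -> "C" (what the jail's admin configured). */
static int build_tree(const char *base)
{
    char p[PATH_MAX];

    snprintf(p, sizeof p, "%s/etc", base);
    if (mkdir(p, 0700) < 0) return -1;
    snprintf(p, sizeof p, "%s/etc/malloc.conf", base);
    if (symlink("S", p) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail", base);
    if (mkdir(p, 0700) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail/etc", base);
    if (mkdir(p, 0700) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail/etc/malloc.conf", base);
    return symlink("C", p);
}

static void remove_tree(const char *base)
{
    const char *rel[] = { "/jail/etc/malloc.conf", "/jail/etc", "/jail",
                          "/etc/malloc.conf", "/etc", "" };
    char p[PATH_MAX];
    size_t i;

    for (i = 0; i < sizeof rel / sizeof rel[0]; i++) {
        snprintf(p, sizeof p, "%s%s", base, rel[i]);
        if (unlink(p) < 0)   /* directories fail unlink, so rmdir them */
            rmdir(p);
    }
}

/* Returns the malloc options a jailed daemon ends up with. If anything
 * allocates before the chroot (getpwnam(3), getaddrinfo(3), logger setup),
 * the outer /etc/malloc.conf is what malloc saw; the jail's copy is ignored. */
const char *options_in_jail(int malloc_before_chroot)
{
    static char result[64];
    char base[] = "/tmp/mconfXXXXXX";   /* constructed scratch tree */
    char jail[PATH_MAX];

    if (mkdtemp(base) == NULL || build_tree(base) < 0)
        return NULL;
    snprintf(jail, sizeof jail, "%s/jail", base);

    initialised = 0;                 /* fresh process image */
    if (malloc_before_chroot)
        lazy_init(base);             /* e.g. getpwnam() during daemon setup */
    /* chroot(jail) would take effect here; modelled by switching the prefix */
    snprintf(result, sizeof result, "%s", lazy_init(jail));

    remove_tree(base);
    return result;
}

int main(void)
{
    printf("malloc before chroot: options \"%s\"\n", options_in_jail(1));
    printf("malloc after chroot:  options \"%s\"\n", options_in_jail(0));
    return 0;
}
```

The first run prints "S" even though the jail's own symlink says "C", which is exactly the case where an admin believes a per-chroot setting is active when it is not; only a daemon whose very first allocation happens after chroot picks up "C". A process-wide sysctl removes the ambiguity because there is no per-root file to race against.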
