On 05/15/2017 15:32, Bryan Drewery wrote:
> On 5/15/2017 12:29 PM, Konstantin Belousov wrote:
>> On Mon, May 15, 2017 at 12:25:20PM -0700, Bryan Drewery wrote:
>>> On 5/15/2017 12:00 PM, Konstantin Belousov wrote:
>>>> On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
>>>>> On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
>>>>>> New Revision: 318313
>>>>>> URL: https://svnweb.freebsd.org/changeset/base/318313
>>>>>>
>>>>>> Log:
>>>>>> Make ld-elf.so.1 directly executable.
>>>>>
>>>>> Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x
>>>>> /bin/chmod would now be possible on FreeBSD as well?
>>>> Yes.
>>>>
>>>>> Does this have any security implications?
>>>> What do you mean ?
>>>>
>>>
>>> I think for 3rd-party distributions it may be a problem. At the very
>>> least it needs to be communicated clearly in release notes or UPDATING.
>>>
>>> Consider a downstream vendor who has support for signed binary
>>> executions. If rtld allows a backdoor around exec(2) to run an unsigned
>>> binary, that could be a problem for them. It is on them to add support
>>> to exec(2) to validate the special case of execing rtld with an
>>> argument, or to just disable the feature in rtld from this commit.
>>
>> Note the undocumented O_VERIFY flag in open(2) from the patch.
>> This is very vendor-ish addition to request veriexec (?).
>>
>
> Ah nice.
>

Note, this already does the right thing with noexec filesystems:

    # zfs create -o mountpoint=/mnt -o exec=off tank/TEST
    # cp /bin/sh /mnt/
    # /mnt/sh
    /mnt/sh: Permission denied.
    # /libexec/ld-elf.so.1 /mnt/sh
    /mnt/sh: mmap of data failed: Permission denied

- Nikolai Lifanov
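An added example, not part of the thread or of the FreeBSD commit: a detection sketch for the case raised above, where the runtime linker is exec'd with a program as its argument, so the policy decision belongs to the target rather than to rtld. The record format, mount table and function names are constructed for illustration, and treating the first non-option argument as the target is an assumption.

```python
import shlex

# Runtime linker paths named in the thread; extend for other ABIs as needed.
RTLD_PATHS = {"/libexec/ld-elf.so.1", "/lib/ld-linux.so.2"}

# Constructed exec records in a made-up "pid|executed path|argv" format.
SAMPLE_EXECS = """\
101|/bin/sh|sh -c ls
102|/libexec/ld-elf.so.1|/libexec/ld-elf.so.1 /mnt/sh
103|/libexec/ld-elf.so.1|/libexec/ld-elf.so.1 /bin/chmod +x /tmp/tool
104|/usr/bin/ldd|ldd /bin/sh
"""

# Constructed mount table: mount point -> True if mounted noexec (exec=off).
SAMPLE_MOUNTS = {"/": False, "/mnt": True}


def is_noexec(path, mounts):
    """noexec flag of the longest mount point containing path, None if unknown."""
    covering = [m for m in mounts
                if path == m or path.startswith(m.rstrip("/") + "/")]
    best = max(covering, key=len, default=None)
    return None if best is None else mounts[best]


def find_rtld_execs(log_text, mounts):
    """Return one finding per exec of a runtime linker that names a target."""
    findings = []
    for line in log_text.splitlines():
        pid, exe, argv_text = line.split("|", 2)
        if exe not in RTLD_PATHS:
            continue  # ordinary exec: the normal exec(2) checks already applied
        args = shlex.split(argv_text)[1:]
        # Assumption: the first non-option argument is the program rtld loads.
        target = next((a for a in args if not a.startswith("-")), None)
        if target is None:
            continue
        findings.append({
            "pid": int(pid),
            "rtld": exe,
            "target": target,  # the binary a signing policy must evaluate
            "target_on_noexec": is_noexec(target, mounts),
        })
    return findings


if __name__ == "__main__":
    for finding in find_rtld_execs(SAMPLE_EXECS, SAMPLE_MOUNTS):
        print(finding)
```

A finding with `target_on_noexec` set to True corresponds to the `/mnt/sh` case in the session above, which the kernel already refuses at mmap time; the others are the ones a signed-execution policy still has to judge by target.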