Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Subject: Re: [PATCH] ldd: never run file directly
To: Florian Weimer, GNU C Library
From: Carlos O'Donell
Message-ID: <371c1221-6ce5-8952-d3cd-99e72febadf9@redhat.com>
Date: Wed, 16 Aug 2017 13:56:00 -0000

On 08/16/2017 09:48 AM, Florian Weimer wrote:
> We have this old patch in our packages. I think most distributions use
> something similar, as a guard against surprises.
>
> Can we finally apply this upstream?

Yes please.

This is ridiculous behaviour on the part of upstream; you have no idea
what interpreter is encoded into the binary you are about to run, and
therefore should never run it directly, for security reasons.

The goal of ldd is always to print information about the program without
having to run it. We don't yet have a finished eu-ldd :-)

> From 83e5edd390eabe8f8e8e0d051f929b77a30c0767 Mon Sep 17 00:00:00 2001
> From: Andreas Schwab
> Date: Fri, 18 Mar 2011 16:22:52 +0100
> Subject: [PATCH] ldd: never run file directly
>
> * elf/ldd.bash.in: Never run file directly.
>
> ---
> ChangeLog | 4 ++++
> elf/ldd.bash.in | 14 +-------------
> 2 files changed, 5 insertions(+), 13 deletions(-)
>
> --- a/elf/ldd.bash.in
> +++ b/elf/ldd.bash.in
> @@ -166,18 +166,6 @@ warning: you do not have execution permission for" "\`$file'" >&2
> fi
> done
> case $ret in
> - 0)
> - # If the program exits with exit code 5, it means the process has been
> - # invoked with __libc_enable_secure. Fall back to running it through
> - # the dynamic linker.
> - try_trace "$file"
> - rc=$?
> - if [ $rc = 5 ]; then
> - try_trace "$RTLD" "$file"
> - rc=$?
> - fi
> - [ $rc = 0 ] || result=1
> - ;;

OK. This code is dangerous and, depending on PT_INTERP, can run anything
that might not honour the LD_DEBUG tracing options and therefore execute
a program you didn't intend to run as your user.

> 1)
> # This can be a non-ELF binary or no binary at all.
> nonelf "$file" || {
> @@ -185,7 +173,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
> result=1
> }
> ;;
> - 2)
> + 0|2)
> try_trace "$RTLD" "$file" || result=1
> ;;
> *)

OK.

-- 
Cheers,
Carlos.
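Review bot: removing the "0)" arm in the first hunk leaves "case $ret in" with no branch for ret=0 until the second hunk folds it into "0|2)", so the two hunks only work as a unit and must not be split, partially backported, or applied in reverse order. Dropping the exit-code-5 / __libc_enable_secure fallback together with it is correct: once "$file" is never executed directly there is nothing left for "try_trace "$file"" and its retry through "$RTLD" to do, and the interpreter named by the file no longer decides what gets run as the invoking user. Two documentation points: the diffstat lists "ChangeLog | 4 ++++" but no ChangeLog hunk is in the quoted patch, and that entry will need a current date rather than the 2011 one in the patch header before this is committed.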
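Review bot: with "2)" becoming "0|2)" in the second hunk, both values now reach "try_trace "$RTLD" "$file" || result=1", which makes the "warning: you do not have execution permission for" message shown in the hunk context look stale: whether "$file" is executable no longer changes how it is traced, since "$RTLD" opens the file itself. Either drop that warning in a follow-up or keep it as purely informational, and say which in the commit message. The "1)" and "*)" arms are untouched, so the only user-visible change from this hunk is that an ELF file that previously went through the "0)" path is now traced exactly like one that went through "2)".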