public inbox for libc-hacker@sourceware.org
* [PATCH] Ignore origin of privileged program
@ 2010-12-09 14:47 Andreas Schwab
  2010-12-10  0:32 ` Ulrich Drepper
  0 siblings, 1 reply; 9+ messages in thread
From: Andreas Schwab @ 2010-12-09 14:47 UTC
  To: libc-hacker

2010-12-09  Andreas Schwab  <schwab@redhat.com>

	* elf/dl-object.c (_dl_new_object): Ignore origin of privileged
	program.
---
 elf/dl-object.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/elf/dl-object.c b/elf/dl-object.c
index 5d15ce1..a34e902 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type,
     out:
       new->l_origin = origin;
     }
+  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
+    /* The origin of a privileged program cannot be trusted.  */
+    new->l_origin = (char *) -1;
 
   return new;
 }
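Review bot: the new `else if` branch at the end of `_dl_new_object` only runs when the preceding `if` block, the one ending in `new->l_origin = origin;`, is skipped, and that block's condition is outside the visible context. Please confirm in the comment or the changelog entry that a privileged executable can never reach that block, since otherwise the computed origin is still stored. The sentinel `(char *) -1` is also unexplained: the one-line comment says only that the origin cannot be trusted, so it should add what readers of `l_origin` are expected to do when they see that value.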
-- 
1.7.2.3


-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."


* Re: [PATCH] Ignore origin of privileged program
  2010-12-09 14:47 [PATCH] Ignore origin of privileged program Andreas Schwab
@ 2010-12-10  0:32 ` Ulrich Drepper
  2010-12-10  8:46   ` Andreas Schwab
  0 siblings, 1 reply; 9+ messages in thread
From: Ulrich Drepper @ 2010-12-10  0:32 UTC
  To: Andreas Schwab; +Cc: libc-hacker

On Thu, Dec 9, 2010 at 09:47, Andreas Schwab <schwab@redhat.com> wrote:
> 2010-12-09  Andreas Schwab  <schwab@redhat.com>
>
>        * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
>        program.

The check should also have a whitelist for programs in
{,/usr}/lib{,64}, similar to the DSO tests.


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10  0:32 ` Ulrich Drepper
@ 2010-12-10  8:46   ` Andreas Schwab
  2010-12-10  9:19     ` Jakub Jelinek
  2010-12-10 14:11     ` Ulrich Drepper
  0 siblings, 2 replies; 9+ messages in thread
From: Andreas Schwab @ 2010-12-10  8:46 UTC
  To: Ulrich Drepper; +Cc: libc-hacker

Ulrich Drepper <drepper@gmail.com> writes:

> On Thu, Dec 9, 2010 at 09:47, Andreas Schwab <schwab@redhat.com> wrote:
>> 2010-12-09  Andreas Schwab  <schwab@redhat.com>
>>
>>        * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
>>        program.
>
> The check should also have a whitelist for programs in
> {,/usr}/lib{,64}, similar to the DSO tests.

I don't think this is useful.  Libraries are not installed alongside
programs and privileged programs can only use $ORIGIN exactly.

Andreas.

-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10  8:46   ` Andreas Schwab
@ 2010-12-10  9:19     ` Jakub Jelinek
  2010-12-10  9:21       ` Andreas Schwab
  2010-12-10 14:11     ` Ulrich Drepper
  1 sibling, 1 reply; 9+ messages in thread
From: Jakub Jelinek @ 2010-12-10  9:19 UTC
  To: Andreas Schwab; +Cc: Ulrich Drepper, libc-hacker

On Fri, Dec 10, 2010 at 09:46:10AM +0100, Andreas Schwab wrote:
> Ulrich Drepper <drepper@gmail.com> writes:
> 
> > On Thu, Dec 9, 2010 at 09:47, Andreas Schwab <schwab@redhat.com> wrote:
> >> 2010-12-09  Andreas Schwab  <schwab@redhat.com>
> >>
> >>        * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
> >>        program.
> >
> > The check should also have a whitelist for programs in
> > {,/usr}/lib{,64}, similar to the DSO tests.
> 
> I don't think this is useful.  Libraries are not installed alongside
> programs and privileged programs can only use $ORIGIN exactly.

Well, for some of the iconv modules which use $ORIGIN that is
/usr/lib{,64}/gconv and we certainly need to do something about them,
either stop using $ORIGIN there, or make $ORIGIN be allowed to
/usr/lib{,64}/gconv, etc.
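
The whitelist idea raised in this thread (accept a privileged program's origin only under {,/usr}/lib{,64}, including subdirectories such as /usr/lib{,64}/gconv), modelled as a stand-alone C function. This is an added example, not glibc code and not written by anyone in the thread; `origin_is_trusted`, `has_dotdot` and the `secure` flag standing in for `__libc_enable_secure` are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* The {,/usr}/lib{,64} set named in the thread, expanded.  */
static const char *const trusted_dirs[] = {
  "/lib", "/lib64", "/usr/lib", "/usr/lib64"
};

/* Hypothetical helper: true if PATH contains a ".." component.  */
static bool
has_dotdot (const char *path)
{
  for (const char *p = path; (p = strstr (p, "..")) != NULL; p += 2)
    {
      bool starts = (p == path || p[-1] == '/');
      bool ends = (p[2] == '\0' || p[2] == '/');
      if (starts && ends)
        return true;
    }
  return false;
}

/* Hypothetical policy function: may ORIGIN (the directory of the main
   program) be used for $ORIGIN expansion?  SECURE models
   __libc_enable_secure.  */
bool
origin_is_trusted (const char *origin, bool secure)
{
  if (!secure)
    return true;   /* Unprivileged: the origin is always usable.  */
  if (origin == NULL || origin[0] != '/' || has_dotdot (origin))
    return false;  /* Unknown, relative or non-normalized: fail closed.  */
  for (size_t i = 0; i < sizeof trusted_dirs / sizeof trusted_dirs[0]; i++)
    {
      size_t len = strlen (trusted_dirs[i]);
      /* Accept the directory itself or a subdirectory such as
         /usr/lib64/gconv, but not a sibling like /usr/lib64evil.  */
      if (strncmp (origin, trusted_dirs[i], len) == 0
          && (origin[len] == '\0' || origin[len] == '/'))
        return true;
    }
  return false;
}
```

The check is purely lexical: it rejects anything it cannot match exactly and does not resolve symlinks.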


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10  9:19     ` Jakub Jelinek
@ 2010-12-10  9:21       ` Andreas Schwab
  0 siblings, 0 replies; 9+ messages in thread
From: Andreas Schwab @ 2010-12-10  9:21 UTC
  To: Jakub Jelinek; +Cc: Ulrich Drepper, libc-hacker

Jakub Jelinek <jakub@redhat.com> writes:

> Well, for some of the iconv modules which use $ORIGIN that is

This has nothing to do with libraries.

Andreas.

-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10  8:46   ` Andreas Schwab
  2010-12-10  9:19     ` Jakub Jelinek
@ 2010-12-10 14:11     ` Ulrich Drepper
  2010-12-10 14:20       ` Andreas Schwab
  1 sibling, 1 reply; 9+ messages in thread
From: Ulrich Drepper @ 2010-12-10 14:11 UTC
  To: Andreas Schwab; +Cc: libc-hacker

On Fri, Dec 10, 2010 at 03:46, Andreas Schwab <schwab@redhat.com> wrote:
> I don't think this is useful.  Libraries are not installed alongside
> programs and privileged programs can only use $ORIGIN exactly.

Of course it is useful.  $ORIGIN is about the build process as much as
anything else.  If I can relocate a package just by installing the
files with a different prefix that's a big plus.  For this you need
$ORIGIN or otherwise rebuild everything (binary editing doesn't work
in general).


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10 14:11     ` Ulrich Drepper
@ 2010-12-10 14:20       ` Andreas Schwab
  2010-12-10 15:14         ` Ulrich Drepper
  0 siblings, 1 reply; 9+ messages in thread
From: Andreas Schwab @ 2010-12-10 14:20 UTC
  To: Ulrich Drepper; +Cc: libc-hacker

Ulrich Drepper <drepper@gmail.com> writes:

> Of course it is useful.

Not for a privileged binary.

> $ORIGIN is about the build process as much as anything else.  If I can
> relocate a package just by installing the files with a different
> prefix that's a big plus.  For this you need $ORIGIN or otherwise
> rebuild everything (binary editing doesn't work in general).

That requires the libraries to be put in the same directory as the
binary, which is against all layout recommendations.

Andreas.

-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10 14:20       ` Andreas Schwab
@ 2010-12-10 15:14         ` Ulrich Drepper
  2010-12-10 15:21           ` Andreas Schwab
  0 siblings, 1 reply; 9+ messages in thread
From: Ulrich Drepper @ 2010-12-10 15:14 UTC
  To: Andreas Schwab; +Cc: libc-hacker

On Fri, Dec 10, 2010 at 09:20, Andreas Schwab <schwab@redhat.com> wrote:
> That requires the libraries to be put in the same directory as the
> binary, which is against all layout recommendations.

No.  It just requires the whole tree is moved in unison.  That's
what's happening in such cases.

If you don't want to change your patch say it.  I won't apply it the
way it is.  It will mean someone else has to do the work.


* Re: [PATCH] Ignore origin of privileged program
  2010-12-10 15:14         ` Ulrich Drepper
@ 2010-12-10 15:21           ` Andreas Schwab
  0 siblings, 0 replies; 9+ messages in thread
From: Andreas Schwab @ 2010-12-10 15:21 UTC
  To: Ulrich Drepper; +Cc: libc-hacker

Ulrich Drepper <drepper@gmail.com> writes:

> On Fri, Dec 10, 2010 at 09:20, Andreas Schwab <schwab@redhat.com> wrote:
>> That requires the libraries to be put in the same directory as the
>> binary, which is against all layout recommendations.
>
> No.  It just requires the whole tree is moved in unison.

No, that does not work.

Andreas.

-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."
