From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9664-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 18254 invoked by alias); 10 Dec 2010 08:46:37 -0000
Received: (qmail 18236 invoked by uid 22791); 10 Dec 2010 08:46:37 -0000
X-SWARE-Spam-Status: No, hits=-6.2 required=5.0
	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28)
    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 10 Dec 2010 08:46:20 +0000
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oBA8kCnU005162
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 10 Dec 2010 03:46:12 -0500
Received: from hase (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id oBA8kAJ1025151;
	Fri, 10 Dec 2010 03:46:11 -0500
From: Andreas Schwab <schwab@redhat.com>
To: Ulrich Drepper <drepper@gmail.com>
Cc: libc-hacker@sourceware.org
Subject: Re: [PATCH] Ignore origin of privileged program
References: <m38vzz57gp.fsf@redhat.com>
	<AANLkTinR2Vuc64aar97SVR=49m98Sg2LPAVJkzFXBK07@mail.gmail.com>
X-Yow: I want you to MEMORIZE the collected poems of EDNA ST VINCENT MILLAY..
 BACKWARDS!!
Date: Fri, 10 Dec 2010 08:46:00 -0000
In-Reply-To: <AANLkTinR2Vuc64aar97SVR=49m98Sg2LPAVJkzFXBK07@mail.gmail.com>
	(Ulrich Drepper's message of "Thu, 9 Dec 2010 19:31:59 -0500")
Message-ID: <m3sjy63til.fsf@redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-hacker.sourceware.org>
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2010-12/txt/msg00003.txt.bz2

Ulrich Drepper <drepper@gmail.com> writes:

> On Thu, Dec 9, 2010 at 09:47, Andreas Schwab <schwab@redhat.com> wrote:
>> 2010-12-09 =C2=A0Andreas Schwab =C2=A0<schwab@redhat.com>
>>
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0* elf/dl-object.c (_dl_new_object): Ignore or=
igin of privileged
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0program.
>
> The check should also have a whitelist for programs in
> {,/usr}/lib{,64}, similar to the DSO tests.

I don't think this is useful.  Libraries are not installed alongside
programs and privileged programs can only use $ORIGIN exactly.

Andreas.

--=20
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint =3D D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."