From: Andreas Schwab
To: Ulrich Drepper
Cc: libc-hacker@sourceware.org
Subject: Re: [PATCH] Ignore origin of privileged program
Date: Fri, 10 Dec 2010 08:46:00 -0000
In-Reply-To: (Ulrich Drepper's message of "Thu, 9 Dec 2010 19:31:59 -0500")

Ulrich Drepper writes:

> On Thu, Dec 9, 2010 at 09:47, Andreas Schwab wrote:
>> 2010-12-09  Andreas Schwab
>>
>>        * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
>>        program.
>
> The check should also have a whitelist for programs in
> {,/usr}/lib{,64}, similar to the DSO tests.

I don't think this is useful. Libraries are not installed alongside
programs and privileged programs can only use $ORIGIN exactly.

Andreas.

-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
"And now for something completely different."