I'm sorry Emmanuel, I meant to post my message to the list, not directly to you! I'm overtired.

On Mon, 22 Oct 2012 12:20:02 +0000 Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:

> On Mon, Oct 22, 2012 at 11:21:06AM +0100, Julian Yon wrote:
> > If not careful this could open up a family of attacks where someone
> > finds a way to preload a library other than that intended, e.g. by
> > use of chroot.
>
> You need to be root to call chroot(2). If you can take for granted that
> the attacker is able to write stuff in /etc/ then there are many ways
> to root the system, anyway.

Yes, I'm aware only root can chroot. I think I was thinking in terms of amplification, i.e. some theoretical attack becomes viable because of an unnecessary hole which wasn't there previously. Nothing concrete springs to mind.

> > Linux's ld.so has a restriction on LD_PRELOAD that "For
> > setuid/setgid ELF binaries, only libraries in the standard search
> > directories that are also setgid will be loaded." I don't have a
> > NetBSD system to hand to check: Does NetBSD enforce the same
> > restriction?
>
> Not AFAIK. We could do the same, except that this approach does not
> play well with su/pam/opensc-pkcs11.so. We would need to always have
> LD_PRELOAD set in the shell, just in case the user runs su. Or have
> a shell-script wrapper around su.

The problem with this sort of kludge is that later on nobody can remember why it was necessary or what actually needs to be fixed.

Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>
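The Linux ld.so rule quoted in the thread (in a set-user-ID or set-group-ID process, honour an LD_PRELOAD entry only if it is a bare library name that resolves in the standard search directories to a set-group-ID file) written out as a loader-side policy check. This is an added illustration, not code from NetBSD, glibc or anyone in the thread; the search directory list, the injected set-group-ID predicate, the uid/gid-based "secure" test and the constructed stub that pretends /usr/lib/libgood.so is the only setgid library are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PRELOAD_PATH_MAX 256
#define PRELOAD_MAX_ENTRIES 16

/* Directories a loader would consult for a bare library name.
 * Assumed for illustration; a real ld.so derives these from its build
 * configuration and ld.so.conf. */
static const char *const STD_DIRS[] = { "/lib", "/usr/lib", NULL };

/* Predicate answering "is this library file set-group-ID?".  Injected so
 * the policy can be exercised without real files on disk. */
typedef bool (*lib_is_setgid_fn)(const char *path);

/* Real predicate: stat(2) the candidate and check the S_ISGID bit. */
bool lib_is_setgid_on_disk(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & S_ISGID) != 0;
}

/* Is this process running with privilege it did not inherit?  Linux ld.so
 * reads AT_SECURE from the auxiliary vector; the uid/gid comparison below is
 * a portable approximation that misses e.g. file capabilities. */
bool process_is_secure(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Decide whether one LD_PRELOAD entry may be loaded.  Outside secure mode
 * every entry is accepted unchanged.  In secure mode the entry must be a
 * bare name (no '/') and must resolve, within STD_DIRS, to a set-group-ID
 * file.  On acceptance the path to load is written to out. */
bool preload_entry_allowed(const char *name, bool secure, lib_is_setgid_fn is_setgid,
                           char *out, size_t outlen)
{
    if (!secure) {
        snprintf(out, outlen, "%s", name);
        return true;
    }
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return false;                     /* caller-chosen directory: refuse */
    for (const char *const *dir = STD_DIRS; *dir != NULL; dir++) {
        snprintf(out, outlen, "%s/%s", *dir, name);
        if (is_setgid(out))
            return true;
    }
    return false;                         /* not found, or found but not setgid */
}

/* Apply the policy to a whole LD_PRELOAD value (glibc accepts ':' and
 * whitespace as separators).  Returns the number of accepted entries, whose
 * resolved paths are written to accepted[]. */
size_t filter_ld_preload(const char *value, bool secure, lib_is_setgid_fn is_setgid,
                         char accepted[][PRELOAD_PATH_MAX], size_t max)
{
    char copy[1024];
    snprintf(copy, sizeof copy, "%s", value);
    size_t n = 0;
    for (char *tok = strtok(copy, ": \t"); tok != NULL && n < max; tok = strtok(NULL, ": \t")) {
        if (preload_entry_allowed(tok, secure, is_setgid, accepted[n], PRELOAD_PATH_MAX))
            n++;
        else
            fprintf(stderr, "ignoring LD_PRELOAD entry %s in secure mode\n", tok);
    }
    return n;
}

/* Constructed stand-in for lib_is_setgid_on_disk: pretends that exactly one
 * set-group-ID library, /usr/lib/libgood.so, exists. */
bool stub_only_libgood_is_setgid(const char *path)
{
    return strcmp(path, "/usr/lib/libgood.so") == 0;
}

int main(void)
{
    char accepted[PRELOAD_MAX_ENTRIES][PRELOAD_PATH_MAX];
    /* Constructed environment value: one legitimate entry, two that an
     * attacker could plant outside the standard directories. */
    const char *env = "libgood.so:/tmp/evil.so libevil.so";
    size_t n = filter_ld_preload(env, true, stub_only_libgood_is_setgid,
                                 accepted, PRELOAD_MAX_ENTRIES);
    for (size_t i = 0; i < n; i++)
        printf("would load: %s\n", accepted[i]);
    printf("this process is %s\n", process_is_secure() ? "secure" : "not secure");
    return 0;
}
```

With the stub, secure mode keeps only `/usr/lib/libgood.so` and drops both path-qualified entries and the unknown bare name. Run against `lib_is_setgid_on_disk` instead of the stub, the same policy is what makes the su/pam case in the thread awkward: su is set-user-ID, so a user's `LD_PRELOAD=opensc-pkcs11.so` is silently dropped unless that library is installed set-group-ID in one of the standard directories.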