tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

suenv



Background: libpthread is tagged as not loadable by dlopen() in
NetBSD-6.0. This breaks PAM modules that are linked with -lpthread or
that dlopen() other objects linked with -lpthread. 

Real life example is: 
su-> libpam.so -> pam_p11_opensc.so -> libp11.so ->  opensc-pkcs11.so
[uses pthread_mutex_t]  -> libopensc.so -> libpcsclite.so [uses
pthread_start]

Possible workaround: set LD_PRELOAD=/usr/lib/libpthread.so so that
libpthread is loaded at process tartup time. But that will not work with
set-UID binaries.

In that situation, and perhaps in others, it would be nice if the
administrator could configure a trusted environement for setUID
binaries. We would need a way to feed a colon-separated list of
environement variables (example:
LD_PRELOAD=/usr/lib/libpthread.so:FOO=bar). I see two way of dealing
with it:
1) lookup in /etc/suenv.d/$progname (probably libc based)
2) use sysctl security.suenv.$progname (kernel based)

I like the second one, which is simple to implement and cannot be messed
up with incorrect file permissions. I would fix my problem like this:
sysctl -w security.suenv.su=LD_PRELOAD=/usr/lib/libpthread.so
sysctl -w security.suenv.login=LD_PRELOAD=/usr/lib/libpthread.so

Opinions?
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index