tech-toolchain archive


Re: RT linker, rpath and security



On Thu, May 11, 2023 at 03:44:09PM +0200, Martin Husemann wrote:
> On Thu, May 11, 2023 at 03:25:57PM +0200, tlaronde%polynum.com@localhost wrote:
> > Why the argument "admin should know better" isn't given for these
> > instead of implementing security measures?
> 
> An admin can not check all input that binaries have to deal with, but
> checking sane access rights for paths showing up in binaries they
> install (or trusting pkgsrc to have done that and creating dirs with
> proper permissions) is easy.

As easy as using ldd(1)? Which won't tell you the true story. Only
"readelf -d" will tell you. I would be very surprised if it was common
practice. If it was, it would be mentioned in security(7) I guess?

BTW, "/etc/security" should be changed: it verifies that there is no
directory writable by others in root PATH... 

Just my two Euro cents,
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C
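
The check discussed in this message, as an added example that is not part of the original post or of NetBSD's /etc/security: it pulls the RPATH/RUNPATH entries out of `readelf -d` output and reports each directory whose ownership or mode would let someone other than a trusted user place a library there. The function names, the `trusted_uids` parameter and the sample `readelf -d` text are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of `readelf -d` output (not from a real binary).
SAMPLE = """\
Dynamic section at offset 0x2d80 contains 27 entries:
  Tag        Type                 Name/Value
 0x0000000000000001 (NEEDED)     Shared library: [libfoo.so.1]
 0x000000000000000f (RPATH)      Library rpath: [/usr/pkg/lib:/tmp/build/lib:$ORIGIN/../lib]
 0x000000000000000c (INIT)       0x1000
"""

_TAG = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def rpath_entries(readelf_output):
    """Return the directories named by DT_RPATH/DT_RUNPATH in `readelf -d` text."""
    entries = []
    for line in readelf_output.splitlines():
        match = _TAG.search(line)
        if match:
            entries.extend(p for p in match.group(1).split(":") if p)
    return entries


def audit_dir(path, trusted_uids=(0,)):
    """Return a list of findings for one search directory; empty means sane."""
    if not os.path.isabs(path):
        # $ORIGIN and relative entries depend on where the binary is run from.
        return ["not an absolute path, review by hand"]
    try:
        st = os.stat(path)
    except OSError:
        return ["does not exist, check who could create it"]
    findings = []
    if not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    if st.st_uid not in trusted_uids:
        findings.append("owner uid %d is not trusted" % st.st_uid)
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("writable by others")
    return findings


def audit(readelf_output, trusted_uids=(0,)):
    """Map each RPATH/RUNPATH entry to its findings, keeping only problem entries."""
    report = {p: audit_dir(p, trusted_uids) for p in rpath_entries(readelf_output)}
    return {p: f for p, f in report.items() if f}
```

Only the named directory is inspected here; its parent directories need the same ownership and mode check, since a writable parent allows the directory itself to be replaced.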

