This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] ldd: never run file directly


On 08/16/2017 09:48 AM, Florian Weimer wrote:
> We have this old patch in our packages.  I think most distributions use
> something similar, as a guard against surprises.
> 
> Can we finally apply this upstream?

Yes please.

This is ridiculous behaviour on the part of upstream: you have no idea
what interpreter is encoded into the binary you are about to run, and
therefore should never run it directly for security reasons.

The goal of ldd is always to print information about the program without
having to run it. We don't yet have a finished eu-ldd :-)
 
> From 83e5edd390eabe8f8e8e0d051f929b77a30c0767 Mon Sep 17 00:00:00 2001
> From: Andreas Schwab <schwab@redhat.com>
> Date: Fri, 18 Mar 2011 16:22:52 +0100
> Subject: [PATCH] ldd: never run file directly
> 
> * elf/ldd.bash.in: Never run file directly.
> 
> ---
>  ChangeLog       |    4 ++++
>  elf/ldd.bash.in |   14 +-------------
>  2 files changed, 5 insertions(+), 13 deletions(-)
> 
> --- a/elf/ldd.bash.in
> +++ b/elf/ldd.bash.in
> @@ -166,18 +166,6 @@ warning: you do not have execution permission for" "\`$file'" >&2
>        fi
>      done
>      case $ret in
> -    0)
> -      # If the program exits with exit code 5, it means the process has been
> -      # invoked with __libc_enable_secure.  Fall back to running it through
> -      # the dynamic linker.
> -      try_trace "$file"
> -      rc=$?
> -      if [ $rc = 5 ]; then
> -	try_trace "$RTLD" "$file"
> -	rc=$?
> -      fi
> -      [ $rc = 0 ] || result=1
> -      ;;

OK. This code is dangerous and depending on PT_INTERP can run anything
that might not honour the LD_DEBUG tracing options and therefore
execute a program you didn't intend to run as your user.

>      1)
>        # This can be a non-ELF binary or no binary at all.
>        nonelf "$file" || {
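Review bot: deleting the whole `0)` arm means a file for which `$ret` is 0 falls through to the `*)` arm unless another arm catches it; the `0|2)` change in the next hunk is what catches it, so the two hunks are not separable and should not be split on backport. The deleted block was also the only text explaining the exit-code-5 / `__libc_enable_secure` fallback; since the direct `try_trace "$file"` call that produced that code is gone, make sure no remaining comment or ChangeLog text still points readers at an rc=5 path that no longer exists.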
> @@ -185,7 +173,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
>  	result=1
>        }
>        ;;
> -    2)
> +    0|2)
>        try_trace "$RTLD" "$file" || result=1
>        ;;
>      *)
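Review bot: with `0)` folded into `0|2)` every supported path now goes through `try_trace "$RTLD" "$file"`, but nothing left in the script says why; add a one-line comment above this arm stating that ldd never executes the file itself because its PT_INTERP may name an arbitrary interpreter, otherwise the next reader may "optimise" the direct exec back in. The ChangeLog entry (`* elf/ldd.bash.in: Never run file directly.`) would benefit from the same one-sentence rationale.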

OK.

-- 
Cheers,
Carlos.
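The point the patch and the reply above make, as an added example that is not part of the original message or of glibc's ldd: read PT_INTERP out of the ELF program headers without ever executing the file, and only then decide whether to hand the file to a loader you trust. `KNOWN_RTLDS`, `elf_interp`, `ldd_policy` and `make_elf64` are names chosen here; the loader allow-list and the in-memory ELF images are constructed for the demonstration, and `/tmp/not-a-loader` is a made-up path.

```python
"""Added example: inspect PT_INTERP without executing the file.

An ldd-like tool should never exec the target; it should read the
interpreter path out of the ELF program headers and decide whether it
trusts that loader before invoking the loader explicitly with the file
as an argument.  Allow-list and ELF images below are constructed for
this example and are not glibc's.
"""
import struct

PT_INTERP = 3

# Assumed allow-list of loaders this tool is willing to invoke (stand-in for ldd's $RTLD).
KNOWN_RTLDS = {
    "/lib64/ld-linux-x86-64.so.2",
    "/lib/ld-linux.so.2",
    "/lib/ld-linux-aarch64.so.1",
}


def elf_interp(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none.

    Handles ELF32/ELF64 and both byte orders; raises ValueError for non-ELF
    or truncated input.  Pure byte parsing: nothing is mapped or executed.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}.get(ei_data)
    if end is None:
        raise ValueError("bad EI_DATA")
    if ei_class == 2:                       # ELF64 header layout
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        phdr_fmt = end + "IIQQQQQQ"         # type flags offset vaddr paddr filesz memsz align
    elif ei_class == 1:                     # ELF32 header layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        phdr_fmt = end + "IIIIIIII"         # type offset vaddr paddr filesz memsz flags align
    else:
        raise ValueError("bad EI_CLASS")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + struct.calcsize(phdr_fmt) > len(data):
            raise ValueError("program header table runs past end of file")
        f = struct.unpack_from(phdr_fmt, data, off)
        if ei_class == 2:
            p_type, p_offset, p_filesz = f[0], f[2], f[5]
        else:
            p_type, p_offset, p_filesz = f[0], f[1], f[4]
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None


def ldd_policy(data: bytes, known=KNOWN_RTLDS):
    """Mirror the fixed ldd logic: never exec the file, choose an action instead.

    Returns (action, interp):
      ("trace-via-rtld", path)  -> invoke the trusted loader `path` with the file as argument
      ("no-interp", None)       -> static binary or shared object; nothing to exec
      ("refuse", path)          -> PT_INTERP names a loader we do not trust; do not run it
    """
    interp = elf_interp(data)
    if interp is None:
        return ("no-interp", None)
    if interp in known:
        return ("trace-via-rtld", interp)
    return ("refuse", interp)


def make_elf64(interp=None) -> bytes:
    """Constructed test input: a minimal ELF64 x86-64 image whose only program
    header (if any) is PT_INTERP pointing at `interp`."""
    phoff, phentsize = 64, 56
    phnum = 0 if interp is None else 1
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8     # ELF64, little-endian, v1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, phoff, 0, 0, 64, phentsize, phnum, 64, 0, 0)
    if interp is None:
        return ehdr
    blob = interp.encode() + b"\0"
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, phoff + phentsize, 0, 0, len(blob), len(blob), 1)
    return ehdr + phdr + blob


if __name__ == "__main__":
    for sample in ("/lib64/ld-linux-x86-64.so.2", "/tmp/not-a-loader", None):
        print(sample, "->", ldd_policy(make_elf64(sample)))
```

The `/tmp/not-a-loader` image is refused rather than executed; the removed `try_trace "$file"` path would have exec'd such a file and let whatever PT_INTERP named run as the invoking user. Even the `trace-via-rtld` result still means invoking the loader with the file as an argument, never the file itself, which is exactly what the `0|2)` arm does.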

