This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Never leave $ORIGIN unexpanded

On Wed, Dec 30, 2015 at 02:55:26AM +0300, Dmitry V. Levin wrote:
> On Tue, Dec 29, 2015 at 05:31:08PM -0500, Mike Frysinger wrote:
> > On 29 Dec 2015 20:42, Dmitry V. Levin wrote:
> > >  This change started its life as commit 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f,
> > >  it's in wide use, it was rebased and reviewed several times.
> > 
> > where ?
> It's in Fedora since glibc-2.13.90-12 (13.05.2011).
> I reviewed it twice at least.
> > links to discussions would be helpful,
> It's a follow-up to the series of commits made to fix
> I have no idea why it remained in fedora branch and hasn't been merged
> to master.
> > as would a more verbose explanation.
> The idea is, as the subject says, never to leave $ORIGIN unexpanded:
> if a privileged executable's rpath element contains $ORIGIN in a position
> that is not allowed for expansion in privileged executables, this rpath
> element shouldn't be left as is, it should be discarded.

So the question is, whether we consider the current behaviour safe or not:

$ rm -rf '$ORIGIN' && mkdir -m0700 '$ORIGIN' &&
  ln -snf /dev/null '$ORIGIN/' &&
  echo 'int main(){}' |gcc -xc - -Wl,-rpath,'./$ORIGIN' &&
  chgrp -h another_group a.out && chmod 02710 a.out && ./a.out
./a.out: error while loading shared libraries: ./$ORIGIN/ file too short

If we agree that it's unsafe, than the fix is ready to be applied.


Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]