Differential D48076

rtld: restore abort for malformed environments while setuid
AcceptedPublic
Actions

Authored by kevans on Sat, Dec 14, 4:28 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Dec 27, 7:37 AM

	Unknown Object (File)
	Fri, Dec 27, 3:53 AM

	Unknown Object (File)
	Thu, Dec 26, 1:23 PM

	Unknown Object (File)
	Wed, Dec 18, 6:16 PM

Subscribers

Details

Reviewers

emaste
kib
imp

Summary

From 2009 up until bfd4c875a105 ("rtld: avoid use of of getenv(3) ..."),
rtld would abort if a malformed environment was observed in tainted
executions. The abort was added at the time because we wouldn't be able
to unset any of the sensitive env vars that we try to sanitize. This
has been rewritten such that that isn't an issue anymore, but a
malformed environment like this can be a good indicator that the caller
is trying to do something hinky; let's restore the previous behavior.

Discussed with: emaste

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 61154
Build 58038: arc lint + arc unit

Event Timeline

kevans created this revision.Sat, Dec 14, 4:28 AM

Herald added subscribers: bdragon, imp. · View Herald TranscriptSat, Dec 14, 4:28 AM

kevans requested review of this revision.Sat, Dec 14, 4:28 AM

Harbormaster completed remote builds in B61154: Diff 147949.Sat, Dec 14, 4:28 AM

imp accepted this revision.Sat, Dec 14, 4:49 AM

This revision is now accepted and ready to land.Sat, Dec 14, 4:49 AM

kib added inline comments.Sat, Dec 14, 9:50 AM

libexec/rtld-elf/rtld.c
428	Asserts check for 'trust'. Should we only die there if suid, as well? (And asserts are redundand then).

Revision Contents
Changeset List

Path

Size

libexec/

rtld-elf/

29 lines

Diff 147949

libexec/rtld-elf/rtld.c

Loading...