On Fri, 2019-02-15 at 13:17 +0000, Thorsten Glaser wrote:
> > I think one reason I never really considered this change is because my
> > security foo is not great enough to thoroughly understand all the
> > possible implications such a change could have.
> >
> > Therefore, I'd rather have somebody that I know to be security-minded
> > tell me this is really fine before I go on with this.
>
> indeed. I *think* it’s fine because all it allows is suid executables
> to use eatmydata as installed in the system (not user-manipulated),
> but that might be too much for some people (it does, after all, create
> more attack surface, but given that the invoker has to manually add
> the library to LD_PRELOAD, he would have been aware that it’s used).
Hi,

at first sight I'm not a huge fan of that. LD_PRELOAD and setuid stuff is
always a bit tricky, because abusing setuid files (and libraries here)
might mean privilege escalation. A lot of attacks in the past just abused
setuid binaries to do bad stuff in order to gain root privilege.

I'm unsure if and how it can be used with eatmydata, but considering the
library's purpose is to tune open(2) flags and cancel direct calls to
other syscalls, I'm really not sure it's a good idea.

Maybe Aurelien and Florian (on team@ but CC:ed just in case) have some
input on this too? It might be worth asking for opinions on oss-sec as
well.

Regards,
-- 
Yves-Alexis