On Sat, Jan 14, 2012 at 6:15 PM, Andrey Chernov <a...@freebsd.org> wrote:
> On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
>> chroot(2) can create legitimate and secure environment where dlopen(2)
>> is safe and necessary.
>
> It seems it is internal contradiction in your argumentation:
> 1) You state that chroot(2) can create legitimate environment.
> 2) For ftpd's you disable .so loading in any case, i.e. even for
> legitimate environment too and you want to do so intentionally refusing
> passing responsibility to chroot(2) environment creator.
>
> In that situation the only suggestion of something like public interface
> is setting environment variable like "LD_SO_DISABLE" which prevents .so
> loading in libc.
>
> This is more clear than your stopgap.
>
> And please don't say that environment variable can be overwritten by the
> user inside ftpd itself, it is not so. And for case when some ftpd allows
> to call _any_ external program, it could do anything, like with your
> stopgap too.
Why do you need anything if the program needs to run something inside
the chroot, which means one has already set up a full chroot environment?

Cheers,
-- 
Xin LI <delp...@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die