On Mon, May 15, 2017 at 01:08:55PM -0600, Ian Lepore wrote:
> On Mon, 2017-05-15 at 22:00 +0300, Konstantin Belousov wrote:
> > On Mon, May 15, 2017 at 06:52:36PM +0000, Alexey Dokuchaev wrote:
> > > On Mon, May 15, 2017 at 06:48:58PM +0000, Konstantin Belousov wrote:
> > > > New Revision: 318313
> > > > URL: https://svnweb.freebsd.org/changeset/base/318313
> > > >
> > > > Log:
> > > >   Make ld-elf.so.1 directly executable.
> > > Does it mean that old Linux' trick of /lib/ld-linux.so.2 /bin/chmod +x
> > > /bin/chmod would now be possible on FreeBSD as well?
> > Yes.
> >
> > > Does this have any security implications?
> > What do you mean ?
>
> Well, for example, it seems like it would allow anyone to execute a
> binary even if the sysadmin had set it to -x specifically to prevent
> people from running it.

It additionally subverts application whitelisting schemes where all dependent shared objects (even the rtld) are checked (such is the case with Integriforce in HardenedBSD). Since even the rtld is checked, an attacker can now bypass the application whitelisting scheme by running:

    /libexec/ld-elf.so.1 /path/to/previously/disallowed/executable

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
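The allowlisting concern raised in the message above, as an added example that is not part of the original thread and is not Integriforce's code: a policy check over constructed exec events that evaluates the program named on the command line whenever the executed image is the runtime linker. The event fields, the allowlist and all function names are assumptions; rtld options and symlinks are not modelled.

```python
import posixpath

# Runtime linker paths named in the thread.
RTLD_PATHS = {"/libexec/ld-elf.so.1", "/lib/ld-linux.so.2"}
# Constructed allowlist (hypothetical policy); the rtld itself is listed
# because every dynamically linked program depends on it.
ALLOWLIST = {"/libexec/ld-elf.so.1", "/bin/ls", "/usr/bin/id"}

def ev(image, argv, cwd="/", target_mode=0o755):
    """Build one constructed exec event (hypothetical record layout)."""
    return {"image": image, "argv": argv, "cwd": cwd, "target_mode": target_mode}

def effective_target(event):
    """Return (path of the program that will really run, came_via_rtld)."""
    image = posixpath.normpath(event["image"])
    if image not in RTLD_PATHS:
        return image, False
    argv = event["argv"]
    # No target, or an option form we do not model: do not guess.
    if len(argv) < 2 or argv[1].startswith("-"):
        return None, True
    return posixpath.normpath(posixpath.join(event["cwd"], argv[1])), True

def naive_verdict(event):
    """Checks only the executed image, so a direct rtld run always passes."""
    return "allow" if posixpath.normpath(event["image"]) in ALLOWLIST else "deny"

def verdict(event):
    """Apply the allowlist and the exec-bit check to the effective target."""
    target, via_rtld = effective_target(event)
    if target is None:
        return "review"
    if target not in ALLOWLIST:
        return "deny"
    # Loaded by the rtld, the target is opened rather than exec'd, so the
    # mode bits the sysadmin cleared have to be checked explicitly here.
    if via_rtld and not event["target_mode"] & 0o111:
        return "deny"
    return "allow"

RTLD = "/libexec/ld-elf.so.1"
EVENTS = [  # constructed sample events
    ev("/bin/ls", ["ls", "-l"]),
    ev(RTLD, [RTLD, "/usr/local/bin/tool"]),
    ev(RTLD, [RTLD, "/usr/bin/id"], target_mode=0o644),
    ev(RTLD, [RTLD, "/usr/bin/id"]),
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["argv"], "naive:", naive_verdict(e), "checked:", verdict(e))
```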