tech-toolchain archive


Re: RT linker, rpath and security



On Thu, May 11, 2023 at 04:07:13PM +0200, tlaronde%polynum.com@localhost wrote:
> As easy as using ldd(1)? Which won't tell you the true story. Only
> "readelf -d" will tell you. I would be very surprised if it was common
> practice. If it was, it would be mentioned in security(7) I guess?

You lost me here. It is quite easy to do if you really care, but not
exactly needed (IMHO) if you only use binaries from base and pkgsrc
(or compile them yourself and trust yourself enough).

> BTW, "/etc/security" should be changed: it verifies that there is no
> directory writable by others in root PATH... 

I wouldn't mind it being enhanced (maybe optional) like Greg did suggest,
to check all RPATHs of all binaries "statically" and complain loudly
in the daily report if it finds relative or writable paths.

Martin
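
The static check suggested in the message above, sketched as an added example (not code from the thread or from NetBSD's /etc/security): it reads `readelf -d` output and reports RPATH/RUNPATH entries that are relative, `$ORIGIN`-based, missing, or writable by group or others. The function names are hypothetical, the sample line is constructed, and only the directory itself is examined, not its parents or its owner.

```shell
#!/bin/sh
# Added example: static audit of RPATH/RUNPATH entries taken from `readelf -d`.

# Print each search-path entry found in `readelf -d` output read from stdin.
rpath_entries() {
    sed -n -e 's/.*(RPATH).*\[\(.*\)].*/\1/p' \
           -e 's/.*(RUNPATH).*\[\(.*\)].*/\1/p' | tr ':' '\n'
}

# Classify one entry as: relative, origin, missing, writable or ok.
classify_entry() {
    case "$1" in
        '$ORIGIN'*|'${ORIGIN}'*) echo origin; return ;;  # depends on install location
        /*) ;;                                           # absolute: inspect it below
        *) echo relative; return ;;                      # includes the empty entry
    esac
    [ -d "$1" ] || { echo missing; return; }
    # Mode string of the directory (symlinks followed): column 6 is the
    # group-write bit, column 9 the other-write bit.
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) echo writable ;;
        *) echo ok ;;
    esac
}

# Read `readelf -d` output on stdin; print "<class> <entry>" for each entry
# that is not ok. Empty output means nothing to report.
audit_rpath() {
    rpath_entries | while IFS= read -r entry; do
        class=$(classify_entry "$entry")
        [ "$class" = ok ] || printf '%s %s\n' "$class" "$entry"
    done
}

# Constructed sample line in `readelf -d` format, so the script runs offline.
SAMPLE=' 0x000000000000000f (RPATH)   Library rpath: [../lib:$ORIGIN/../lib]'
printf '%s\n' "$SAMPLE" | audit_rpath

# On a real system (assumes readelf is installed), per binary:
#   readelf -d "$f" 2>/dev/null | audit_rpath | sed "s|^|$f: |"
```
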

