tech-toolchain archive
Re: [and paxctl] RT linker, rpath and security
On Thu, May 11, 2023 at 10:37:17AM +0200, Martin Husemann wrote:
> On Thu, May 11, 2023 at 10:22:08AM +0200, tlaronde%polynum.com@localhost wrote:
> > Would you mind specifying what "admin decisions" you are referring to?
>
> Installing a binary with an untrusted RPATH

Are the rpaths of the dynamically shared ELF executables installed by
pkgsrc verified? Is it the responsibility of "root" to verify them?

> or making some directories writable that should not be.

I can add a /home/Someone directory in the rpath that is only writable
by Someone. If I have access to Someone's account, I do whatever
I want.

What you are saying is that ALL directories should be read-only. And
this must include mounted mfs ones.

BTW paxctl(1) is modifying the behavior, for security/safety, of an
ELF program.

Is this one not a candidate for something settable by paxctl?

--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
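
Archive note, not part of the message above: an added example of the kind of check the question about verifying rpaths implies, written for this page and not taken from pkgsrc or NetBSD. The function name audit_rpath, the reason strings and the sample path are assumptions; the input is the colon-separated RPATH/RUNPATH string as shown by `readelf -d`.

```python
import os
import stat


def audit_rpath(rpath, trusted_uids=(0,)):
    """Return (entry, reason) findings for a colon-separated RPATH/RUNPATH."""
    findings = []
    for entry in rpath.split(":"):
        if "$ORIGIN" in entry or "${ORIGIN}" in entry:
            # Resolved relative to wherever the binary is installed.
            findings.append((entry, "origin-relative"))
        elif not os.path.isabs(entry):
            # Empty or relative entries do not name a fixed directory.
            findings.append((entry, "not-absolute"))
        else:
            findings.extend((entry, r) for r in _dir_problems(entry, trusted_uids))
    return findings


def _dir_problems(path, trusted_uids):
    try:
        st = os.stat(path)  # follows symlinks, like normal path resolution
    except OSError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    problems = []
    # A directory owned by an ordinary account (the /home/Someone case in
    # the message) can be modified by whoever controls that account.
    if st.st_uid not in trusted_uids:
        problems.append("untrusted-owner")
    # Conservative: any group or world write bit is reported.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group-or-world-writable")
    return problems


if __name__ == "__main__":
    # Constructed sample value, not read from a real binary.
    sample = "/usr/pkg/lib:/home/Someone/lib:$ORIGIN/../lib"
    for entry, reason in audit_rpath(sample):
        print(f"{entry!r}: {reason}")
```

Parent directories are not examined here; a complete audit would apply the same ownership and mode test to every ancestor of each entry.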