suenv

To: tech-userlevel%netbsd.org@localhost, tech-kern%netbsd.org@localhost
Subject: suenv
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Tue, 23 Oct 2012 16:31:52 +0200

Background: libpthread is tagged as not loadable by dlopen() in
NetBSD-6.0. This breaks PAM modules that are linked with -lpthread or
that dlopen() other objects linked with -lpthread. 

Real life example is: 
su-> libpam.so -> pam_p11_opensc.so -> libp11.so ->  opensc-pkcs11.so
[uses pthread_mutex_t]  -> libopensc.so -> libpcsclite.so [uses
pthread_start]

Possible workaround: set LD_PRELOAD=/usr/lib/libpthread.so so that
libpthread is loaded at process tartup time. But that will not work with
set-UID binaries.

In that situation, and perhaps in others, it would be nice if the
administrator could configure a trusted environement for setUID
binaries. We would need a way to feed a colon-separated list of
environement variables (example:
LD_PRELOAD=/usr/lib/libpthread.so:FOO=bar). I see two way of dealing
with it:
1) lookup in /etc/suenv.d/$progname (probably libc based)
2) use sysctl security.suenv.$progname (kernel based)

I like the second one, which is simple to implement and cannot be messed
up with incorrect file permissions. I would fix my problem like this:
sysctl -w security.suenv.su=LD_PRELOAD=/usr/lib/libpthread.so
sysctl -w security.suenv.login=LD_PRELOAD=/usr/lib/libpthread.so

Opinions?
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: suenv
  - From: David Holland
- Re: suenv
  - From: Martin Husemann
- Re: suenv
  - From: Paul Goyette
- Re: suenv
  - From: Thor Lancelot Simon

Prev by Date: Re: NetBSD 6.0/amd64 panic: ciss: dead (DL ProLiant 360P)
Next by Date: Re: NetBSD 6.0/amd64 panic: ciss: dead (DL ProLiant 360P)
Previous by Thread: NetBSD 6.0/amd64 panic: ciss: dead (DL ProLiant 360P)
Next by Thread: Re: suenv
Indexes:

Home | Main Index | Thread Index | Old Index