Date: Sat, 12 Oct 2002 13:41:23 +0400
From: Solar Designer <solar@...nwall.com>
To: "John E. Davis" <davis@...ce.mit.edu>
Cc: security-audit@...ret.lmh.ox.ac.uk, xvendor@...ts.openwall.com
Subject: slang 1.4.6 Owl patches

John,

Attached to this message are two patches and an RPM spec file from our
S-Lang package in Owl (http://www.openwall.com/Owl/).

I did a review of the library code for environment variable uses and
restricted those which would be unsafe in SUID/SGID programs, in a
glibc-specific way.  While I think that it's an extremely bad idea to
use slang in this way, I also feel that as a distribution providing
the library we're somewhat responsible for the consequences of such
misuses.  Hence the patch.

If you choose to make a similar change to the official slang, the
references to __secure_getenv() and __libc_enable_secure need to be
replaced with similar slang-internal interfaces which would rely on:

1. issetugid(2) where available (*BSD);
2. __libc_enable_secure on glibc;
3. getuid() != geteuid() || getgid() != getegid() first time, cached
result afterwards.

The third possibility isn't as secure as the first two because it is
possible that the program has started as SUID/SGID and possesses access
to a privileged resource (open files, data in address space), but has
already relinquished its privileged effective IDs so that's not detected.

Oh, by the way, it'd be nice to allow for specifying ELF_CFLAGS without
having to patch the configure script.

-- 
/sd

View attachment "slang-1.4.6-owl-fixes.diff" of type "text/plain" (7457 bytes)

View attachment "slang-1.4.6-owl-tmp.diff" of type "text/plain" (1300 bytes)

View attachment "slang.spec" of type "text/plain" (2682 bytes)
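The three-tier check the message proposes, as an added example that is not part of the original message or the attached Owl patches. The `sl_*` names and `SL_DEMO_VAR` are hypothetical, and on glibc the code reads the kernel's `AT_SECURE` flag through `getauxval()` as an assumed stand-in for the internal `__libc_enable_secure` variable the message names.

```c
/* Added example; sl_* names are hypothetical, not S-Lang or Owl interfaces. */
#define _GNU_SOURCE            /* setenv() and getauxval() declarations on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__GLIBC__)
#include <sys/auxv.h>          /* getauxval(), AT_SECURE */
#endif

/* Tier 3 comparison from the message, kept pure so it can be checked alone. */
int sl_ids_differ(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* Returns 1 if the process should distrust its environment, else 0. */
int sl_running_privileged(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
    return issetugid() != 0;                 /* tier 1: issetugid(2) */
#elif defined(__GLIBC__) && defined(AT_SECURE)
    return getauxval(AT_SECURE) != 0;        /* tier 2: assumed substitute */
#else
    /* Tier 3: evaluated on the first call only and cached, because a later
       seteuid()/setegid() makes the IDs match while privileged resources
       (open files, data in memory) remain. Call this early. */
    static int cached = -1;
    if (cached < 0)
        cached = sl_ids_differ(getuid(), geteuid(), getgid(), getegid());
    return cached;
#endif
}

/* Environment lookup that yields NULL when `privileged` is nonzero. */
const char *sl_getenv_if(int privileged, const char *name)
{
    return privileged ? NULL : getenv(name);
}

/* What library code would call instead of getenv() for unsafe variables. */
const char *sl_safe_getenv(const char *name)
{
    return sl_getenv_if(sl_running_privileged(), name);
}

int main(void)
{
    const char *v = sl_safe_getenv("SL_DEMO_VAR");   /* constructed name */
    printf("privileged=%d value=%s\n", sl_running_privileged(), v ? v : "(ignored or unset)");
    return 0;
}
```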
