mailing list of musl libc
From: Rich Felker <dalias@libc.org>
To: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Andreas Schwab <schwab@suse.de>,
	Alejandro Colomar <alx@kernel.org>,
	Thorsten Glaser <tg@mirbsd.de>,
	musl@lists.openwall.com, NRK <nrk@disroot.org>,
	Guillem Jover <guillem@hadrons.org>,
	libc-alpha@sourceware.org, libbsd@lists.freedesktop.org,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Iker Pedrosa <ipedrosa@redhat.com>,
	Christian Brauner <christian@brauner.io>
Subject: Re: [musl] Re: Tweaking the program name for <err.h> functions
Date: Mon, 11 Mar 2024 15:47:56 -0400
Message-ID: <20240311194756.GY4163@brightrain.aerifal.cx>
In-Reply-To: <CAEOG19pPhJzJo+3aKV_jUt3GDbH61y44DQNzKEjYxkf=nR-9aQ@mail.gmail.com>

On Mon, Mar 11, 2024 at 11:30:04AM -0400, Skyler Ferrante (RIT Student) wrote:
> Hmm, maybe I'm missing something, but it seems you can close(fd) for
> the standard fds and then call execve, and the new process image will
> have no fd 0,1,2. I've tried this on a default Ubuntu 22.04 system.
> This seems to affect shadow-utils and other setuid/setgid binaries.
> 
> Here is a repo I built for testing,
> https://github.com/skyler-ferrante/fd_omission/. What is the correct
> glibc behavior? Am I misunderstanding something?

As Florian noted, you're missing that strace cannot invoke it suid.
POSIX explicitly permits the implementation to open these fds if they
started closed in suid execs, and IIRC indicates as a future direction
that it might be permitted for all execs. We do the same in musl in
the suid case. So really the only way that "writing attacker
controlled prefix strings to fd 2" becomes an issue is if the
application erroneously closes fd 2 and lets something else get opened
on it.

(Aside: making _FORTIFY_SOURCE>1 trap close(n) with n<3 would be an
interesting idea... :)

Rich
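
The reply above describes the defensive behaviour a libc applies to set-id executables: if fds 0, 1 or 2 started closed, open them before the program runs so that nothing else (a log file, a socket) can later be allocated onto fd 2 and receive diagnostic output. The program below is an added example, not code from musl, glibc or this thread; it shows that startup check as a user-space routine a privileged program could run itself. The helper names (`fd_is_open`, `ensure_fd_open`, `sanitize_std_fds`, `demo_reopen_closed_fd`) are chosen for this example and correspond to nothing in either libc.

```c
/* Added example (not musl or glibc code): make sure fds 0, 1 and 2 are open
 * before doing anything else, pointing any closed one at /dev/null. Closed
 * standard fds are the precondition for "attacker controlled prefix strings
 * written to fd 2" landing somewhere unintended, so this removes it. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open file description, 0 if it is closed.
 * F_GETFD is the cheapest query that fails with EBADF on a closed fd. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Ensure fd is open; if it is closed, attach /dev/null to it.
 * Returns 0 if already open, 1 if it was reopened, -1 on failure. */
int ensure_fd_open(int fd)
{
    if (fd_is_open(fd))
        return 0;
    int nul = open("/dev/null", O_RDWR);
    if (nul < 0)
        return -1;
    if (nul == fd)             /* open() returned the lowest free fd: ours */
        return 1;
    int r = dup2(nul, fd);     /* otherwise move the description into place */
    close(nul);
    return r < 0 ? -1 : 1;
}

/* Apply the check to fds 0..2 in ascending order (so a lower closed fd is
 * filled before it can be handed out by open() for a higher one).
 * Returns the number of fds reopened, or -1 if /dev/null was unavailable. */
int sanitize_std_fds(void)
{
    int reopened = 0;
    for (int fd = 0; fd < 3; fd++) {
        int r = ensure_fd_open(fd);
        if (r < 0)
            return -1;
        reopened += r;
    }
    return reopened;
}

/* Exercise the check on a scratch descriptor: open one, close it, and show
 * that ensure_fd_open() restores it exactly once. Returns 1 if every step
 * behaved as expected, 0 otherwise. */
int demo_reopen_closed_fd(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    if (fd_is_open(fd))
        return 0;                          /* must now read as closed */
    if (ensure_fd_open(fd) != 1)
        return 0;                          /* first call reopens it */
    if (!fd_is_open(fd))
        return 0;
    if (ensure_fd_open(fd) != 0)
        return 0;                          /* second call finds it open */
    close(fd);
    return 1;
}

int main(void)
{
    int n = sanitize_std_fds();
    if (n < 0) {
        /* stderr itself may be unusable here, so do not try to report. */
        _exit(127);
    }
    printf("standard fds reopened on /dev/null: %d\n", n);
    printf("scratch-fd demo: %s\n", demo_reopen_closed_fd() ? "ok" : "FAILED");
    return 0;
}
```

Run it normally and it reports 0 reopened fds; run it as `./a.out 2>&-` from a shell and it reports 1, with the would-be stderr output silently discarded instead of being written to whatever the program opens next. The check is deliberately done before any other `open()` call, since the first `open()` after startup is exactly what would otherwise inherit a closed low-numbered fd.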

Thread overview: 41+ messages
     [not found] <Zeo-oJOyN9YQXVb1@debian>
     [not found] ` <ZepcO2pa0cwsqr3u@thunder.hadrons.org>
2024-03-08  0:52   ` Alejandro Colomar
2024-03-09 15:02     ` Rich Felker
2024-03-09 15:49       ` Alejandro Colomar
2024-03-09 18:35         ` Andreas Schwab
2024-03-09 18:46           ` Alejandro Colomar
2024-03-09 19:18             ` Markus Wichmann
2024-03-09 19:25             ` Rich Felker
2024-03-09 21:44         ` Thorsten Glaser
2024-03-10  6:01         ` NRK
2024-03-10 13:17           ` Alejandro Colomar
2024-03-10 14:01             ` NRK
2024-03-10 19:39               ` Rich Felker
2024-03-10 22:25                 ` Alejandro Colomar
2024-03-10 23:22                 ` Thorsten Glaser
2024-03-10 23:44                   ` Rich Felker
2024-03-11  0:19                     ` Thorsten Glaser
2024-03-11  0:46                       ` Alejandro Colomar
2024-03-11 14:46                         ` Skyler Ferrante (RIT Student)
2024-03-11 15:09                           ` Andreas Schwab
2024-03-11 15:30                             ` Skyler Ferrante (RIT Student)
2024-03-11 18:23                               ` Florian Weimer
2024-03-11 18:48                                 ` Skyler Ferrante (RIT Student)
2024-03-11 19:05                                   ` enh
2024-03-11 19:44                                     ` Rich Felker
2024-03-11 20:35                                       ` enh
2024-03-11 19:47                               ` Rich Felker [this message]
2024-03-11 20:08                                 ` Skyler Ferrante (RIT Student)
2024-03-11 20:39                                   ` enh
2024-03-11 21:21                                 ` Laurent Bercot
2024-03-11 22:05                                 ` Thorsten Glaser
2024-03-12  0:18                                 ` Gabriel Ravier
2024-03-12  0:43                                   ` Rich Felker
2024-03-12  3:23                                     ` Gabriel Ravier
2024-03-12 14:44                                       ` Rich Felker
2024-03-12 13:54                                   ` Florian Weimer
2024-03-12 14:21                                     ` Zack Weinberg
2024-03-12 14:31                                       ` Florian Weimer
2024-03-12 14:42                                         ` Rich Felker
2024-03-12 19:25                                           ` Zack Weinberg
2024-03-12 21:19                                             ` Rich Felker
2024-03-13  8:28                                             ` Florian Weimer
