Bug #6987

disallow setid binaries with $ORIGIN in PT_INTERP

Added by Robert Mustacchi about 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2016-05-20
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:

Description

Currently $ORIGIN is honored in a PT_INTERP section regardless of whether the binary is setid or not. If a binary were constructed and setid in this way, it would allow someone else to play games with the interpreter. While this is an extremely rare combination, it's worth clamping it off at the bit.
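
An audit-side sketch of the condition described above, added here as an example and not taken from the illumos commit: it reads PT_INTERP from an ELF image and flags a file that is setuid or setgid and whose interpreter path contains $ORIGIN. The function names, the constructed sample image and the choice to match $ORIGIN anywhere in the path are assumptions of this example.

```python
import os
import stat
import struct

PT_INTERP = 3
SETID_BITS = stat.S_ISUID | stat.S_ISGID

def elf_interp(data):
    """Return the PT_INTERP path of an ELF image as bytes, or None."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    e = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = LSB, 2 = MSB
    if data[4] == 2:                            # ELFCLASS64 layout
        phoff, = struct.unpack_from(e + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 54)
        word, p_off, p_fsz = "Q", 8, 32
    else:                                       # ELFCLASS32 layout
        phoff, = struct.unpack_from(e + "I", data, 28)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 42)
        word, p_off, p_fsz = "I", 4, 16
    for i in range(phnum):
        ph = phoff + i * phentsize
        if ph + p_fsz + 8 > len(data):          # truncated program header table
            return None
        if struct.unpack_from(e + "I", data, ph)[0] == PT_INTERP:
            offset, = struct.unpack_from(e + word, data, ph + p_off)
            filesz, = struct.unpack_from(e + word, data, ph + p_fsz)
            return data[offset:offset + filesz].split(b"\0", 1)[0]
    return None

def setid_origin_interp(mode, data):
    """True when mode has a setuid/setgid bit and PT_INTERP contains $ORIGIN."""
    interp = elf_interp(data)
    return bool(mode & SETID_BITS) and interp is not None and b"$ORIGIN" in interp

def check_file(path):
    """Apply the check to one file on disk; symlinks are not followed."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    with open(path, "rb") as f:
        return setid_origin_interp(st.st_mode, f.read())

def sample_elf(interp):
    """Constructed 64-bit little-endian image holding one PT_INTERP header."""
    path = interp + b"\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```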

History

#1

Updated by Robert Mustacchi about 3 years ago

  • Subject changed from "$ORIGIN in PT_INTERP should not be honored for setid binaries" to "disallow setid binaries with $ORIGIN in PT_INTERP"

#2

Updated by Electric Monk almost 3 years ago

  • Status changed from New to Closed

git commit 03973b9c824451c1d02fc613e033aa196a15ae3c

commit  03973b9c824451c1d02fc613e033aa196a15ae3c
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2016-05-24T02:22:13.000Z

    6987 disallow setid binaries with $ORIGIN in PT_INTERP
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Joshua M. Clulow <jmc@joyent.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Dan McDonald <danmcd@omniti.com>
