Bug #6987

closed

disallow setid binaries with $ORIGIN in PT_INTERP

Added by Robert Mustacchi over 7 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2016-05-20
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
External Bug:

Description

Currently $ORIGIN is honored in a PT_INTERP section regardless of whether the binary is setid or not. If a binary were constructed and setid in this way, it would allow someone else to play games with the interpreter. While this is an extremely rare combination, it's worth clamping it off at the bit.

Actions #1

Updated by Robert Mustacchi over 7 years ago

  • Subject changed from $ORIGIN in PT_INTERP should not be honored for setid binaries to disallow setid binaries with $ORIGIN in PT_INTERP

Actions #2

Updated by Electric Monk over 7 years ago

  • Status changed from New to Closed

git commit 03973b9c824451c1d02fc613e033aa196a15ae3c

commit  03973b9c824451c1d02fc613e033aa196a15ae3c
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2016-05-24T02:22:13.000Z

    6987 disallow setid binaries with $ORIGIN in PT_INTERP
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Joshua M. Clulow <jmc@joyent.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Dan McDonald <danmcd@omniti.com>
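
An audit check for the combination this bug describes, added here as an example; it is not code from the illumos change or from this ticket. It assumes that "setid" can be approximated by the set-uid/set-gid file mode bits and that any occurrence of $ORIGIN in the PT_INTERP path is worth flagging; the function names are hypothetical and the sample ELF image is constructed.

```python
import os
import stat
import struct

PT_INTERP = 3  # program header type that names the runtime interpreter

def elf_interp(data):
    """Return the PT_INTERP path from ELF image bytes, or None."""
    if data[:4] != b"\x7fELF" or len(data) < 6 or data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = LSB, 2 = MSB
    try:
        if is64:
            (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            (e_phoff,) = struct.unpack_from(end + "I", data, 28)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            if is64:  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
            else:     # p_type, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, off)
            if p_type == PT_INTERP:
                raw = data[p_offset:p_offset + p_filesz]
                return raw.split(b"\0", 1)[0].decode("latin-1")
    except struct.error:
        return None  # truncated or malformed headers
    return None

def setid_origin_interp(mode, data):
    """True when the mode has a setid bit (assumption) and PT_INTERP names $ORIGIN."""
    interp = elf_interp(data)
    return bool(mode & (stat.S_ISUID | stat.S_ISGID)) and interp is not None and "$ORIGIN" in interp

def audit(path):
    """Check one on-disk file by its mode bits and contents."""
    with open(path, "rb") as f:
        return setid_origin_interp(os.stat(path).st_mode, f.read())

def make_elf64(interp):
    """Constructed sample: minimal little-endian ELF64 with a single PT_INTERP header."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```

Calling `audit()` on each set-uid or set-gid file found on a system lists the binaries that match this bug's description.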
