Bug #6987

disallow setid binaries with $ORIGIN in PT_INTERP

Added by Robert Mustacchi over 1 year ago. Updated about 1 year ago.

Status: Closed
Start date: 2016-05-20
Priority: Normal
Due date:
Assignee: Jerry Jelinek
% Done: 100%
Category: kernel
Target version: -
Difficulty: Medium
Tags:

Description

Currently $ORIGIN is honored in a PT_INTERP section regardless of whether the binary is setid or not. If a binary were constructed and setid in this way, it would allow someone else to play games with the interpreter. While this is an extremely rare combination, it's worth clamping it off at the bit.

History

#1 Updated by Robert Mustacchi over 1 year ago

  • Subject changed from $ORIGIN in PT_INTERP should not be honored for setid binaries to disallow setid binaries with $ORIGIN in PT_INTERP

#2 Updated by Electric Monk about 1 year ago

  • Status changed from New to Closed

git commit 03973b9c824451c1d02fc613e033aa196a15ae3c

commit  03973b9c824451c1d02fc613e033aa196a15ae3c
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2016-05-24T02:22:13.000Z

    6987 disallow setid binaries with $ORIGIN in PT_INTERP
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Joshua M. Clulow <jmc@joyent.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Approved by: Dan McDonald <danmcd@omniti.com>
