Re: [PATCH] build: fix build of virt-login-shell on systems with older gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/22/2013 04:59 PM, Jim Fehlig wrote:

> Michal pushed the other one that Daniel ACKed.  One thing that concerned
> me, which I forgot to mention in the mail or commit message, was this
> comment above libvirt_setuid_rpc_client in src/Makefile.am
> 
> # Since virt-login-shell will be setuid, we must do everything
> # we can to avoid linking to other libraries.

We can't eliminate every library, but we can assume that some very basic
libraries are capable of being safely used in setuid apps (selinux,
apparmor, and libc among that list).

Meanwhile, we do have proof that other libraries are not so friendly;
among them, Daniel analyzed using LD_PRELOAD that at least libnspr.so
(used by libcurl.so) has at least one unprotected getenv() within a
constructor that could be used merely by loading the shared library into
memory as a way to cause an overwrite of an unintended file in a setuid
app.  So maybe the comment could be tweaked to say "we avoid linking to
all but very basic and well-audited libraries".

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]