On Mon, Jul 29, 2013 at 10:12:54AM +0200, Mateusz Guzik wrote:
> On Mon, Jul 29, 2013 at 10:33:53AM +0800, Julian Elischer wrote:
> > On 7/29/13 4:49 AM, Mateusz Guzik wrote:
> > >On Sun, Jul 28, 2013 at 11:31:10PM +0400, Gennady Proskurin wrote:
> > >>Hello.
> > >>When linux binary is passed to FreeBSD's ldd as argument, this binary is executed.
> > >>I'm sure this is bug :)
> > >>(with security involved)
> > >>
> > >I have a patch for this, but never got around to commit it.
> > >
> > >http://people.freebsd.org/~mjg/patches/ldd-non-freebsd-ignore.diff
> > >
> > >If someone wants, go ahead and steal it.
> > >
> > For those of us that are not ldd experts, why does this happen,
> > what's the history and
> > what happens on Linux?
> > I vaguely remember that linux may somehow execute something in this
> > case but my memory is very vague on the topic.
>
> right, sorry.
>
> Short version is that both FreeBSD and Linux ldd set
> LD_TRACE_LOADED_OBJECTS environment variable and run the binary
> expecting runtime linker to act accordingly.
>
> However, FreeBSD sets LD*32*_TRACE_LOADED_OBJECTS for 32-bit binaries,
> thus Linux linker just proceeds with execution.
>
> Looks like we have several PRs related to this, notably
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/127276 .
>
> and looks like markj (cc-ed) took another PR, someone should clean this
> up.
>
> 127276 suggests running the binary as is (which I don't like) and
> achieves this with a hacky way. So if we really want to do this, the
> patch should be reworked to detect Linux binaries properly.
>
> In general we should gain linux_ldd (like linux_kdump) and our ldd
> should work only on FreeBSD binaries. The last part is achieved with my
> patch.
>
> markj, are you working on this?

Not really; my original fix for this problem was essentially the same as
yours. That is, just change ldd(1) to bail if the OS ABI byte isn't equal
to ELFOSABI_FREEBSD. That's the change I have committed in my local tree
right now.

Then I thought I'd try to get ldd to work properly with Linux binaries as
well, but wasn't sure what the right approach should be. As the above PR
suggests, the easy thing to do is to just pass LD_TRACE_LOADED_OBJECTS and
not LD_32_TRACE_LOADED_OBJECTS for 32-bit ELF objects if the OS isn't
FreeBSD. This feels somewhat hacky to me, but I didn't really see another
approach.

That said, I think your patch should be committed since it's clearly an
improvement over the current behaviour. I'm willing to test and commit it,
and clean up the open PRs. If you could expand on the right way to handle
Linux binaries, I'd be willing to implement and commit that too.

I don't quite understand your reference to linux_kdump though - I have no
such program on my laptop running CURRENT, and ktrace+kdump seem to work
fine with the Linux binaries under /compat/linux.

Thanks,
-Mark

Received on Mon Jul 29 2013 - 13:55:42 UTC
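The check discussed in this thread (refuse to execute anything whose OS ABI byte is not ELFOSABI_FREEBSD, and only then choose the tracing variable) can be sketched as follows. This is an added example, not the linked patch or the ldd(1) source; the `EX_` constants, the `SAMPLE_` buffers and `trace_env_for` are hypothetical names, and a 64-bit host is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* e_ident offsets and values as defined by the ELF specification. */
enum { EX_EI_CLASS = 4, EX_EI_OSABI = 7, EX_EI_NIDENT = 16 };
enum { EX_CLASS32 = 1, EX_CLASS64 = 2 };
enum { EX_OSABI_SYSV = 0, EX_OSABI_LINUX = 3, EX_OSABI_FREEBSD = 9 };

/* Constructed e_ident samples (not taken from real files). */
const unsigned char SAMPLE_FREEBSD64[16] = {0x7f, 'E', 'L', 'F', 2, 1, 1, EX_OSABI_FREEBSD};
const unsigned char SAMPLE_FREEBSD32[16] = {0x7f, 'E', 'L', 'F', 1, 1, 1, EX_OSABI_FREEBSD};
const unsigned char SAMPLE_LINUX32[16]   = {0x7f, 'E', 'L', 'F', 1, 1, 1, EX_OSABI_LINUX};
const unsigned char SAMPLE_SYSV32[16]    = {0x7f, 'E', 'L', 'F', 1, 1, 1, EX_OSABI_SYSV};

/*
 * Return the tracing variable to set before executing the file, or NULL when
 * the file must not be executed at all. Allowlisting the FreeBSD brand also
 * rejects OS ABI 0, which a "not Linux" test would let through.
 * Assumption: the host is 64-bit, so 32-bit objects use the LD_32_ variable.
 */
const char *trace_env_for(const unsigned char *ident, size_t len)
{
    if (ident == NULL || len < EX_EI_NIDENT || memcmp(ident, "\177ELF", 4) != 0)
        return NULL;                      /* short read or not ELF */
    if (ident[EX_EI_OSABI] != EX_OSABI_FREEBSD)
        return NULL;                      /* foreign ABI: never run it */
    if (ident[EX_EI_CLASS] == EX_CLASS64)
        return "LD_TRACE_LOADED_OBJECTS";
    if (ident[EX_EI_CLASS] == EX_CLASS32)
        return "LD_32_TRACE_LOADED_OBJECTS";
    return NULL;                          /* unknown ELF class */
}

int main(int argc, char **argv)
{
    unsigned char ident[EX_EI_NIDENT];
    for (int i = 1; i < argc; i++) {
        FILE *fp = fopen(argv[i], "rb");
        size_t n = fp ? fread(ident, 1, sizeof(ident), fp) : 0;
        const char *env = trace_env_for(ident, n);
        if (fp)
            fclose(fp);
        printf("%s: %s\n", argv[i], env ? env : "refused, will not execute");
    }
    return 0;
}
```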
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:39 UTC