Proposing to host system-auth-agent in fdo
Alex Perez
aperez at student.santarosa.edu
Wed Oct 13 21:14:58 EEST 2004
Carlos Garnacho wrote:
>On Wed, 2004-10-13 at 10:17 +0200, Alexander Larsson wrote:
>
>
>>On Tue, 2004-10-12 at 19:05 +0200, Carlos Garnacho wrote:
>>
>>
>>
>>>In order to avoid malicious use of the program/API, there's a list of
>>>applications that are allowed to use the program, this list can be only
>>>handled by the root user, and the package already provides 2 commands to
>>>install/uninstall applications in that list (ideally, this will be
>>>handled transparently, during make install, rpm -i, dpkg -i, ...), so
>>>any application using this program will be there under the root user
>>>consent.
>>>
>>>
>>I'd like to point out that the way this is handled:
>>
>>static char*
>>get_calling_app (void)
>>{
>> pid_t ppid = 0;
>> char path[PATH_MAX], *link;
>> int length;
>>
>> ppid = getppid ();
>> sprintf (path, "/proc/%d/exe", ppid);
>> link = (char *) malloc (sizeof (char) * PATH_MAX);
>>
>> length = readlink (path, link, PATH_MAX);
>>
>>Isn't very secure. Basically, to overcome it you only need to do:
>>LD_PRELOAD=/tmp/evil_code.so /usr/bin/trusted_binary
>>
>>
>
>While it's true that the program should unset those vars before exec'ing
>the called application, the loader ignores any LD_PRELOAD or
>LD_LIBRARY_PATH envvar if the running program is setuid/setgid, so it's
>not an immediate problem
>
>
>
>>Furthermore, the /proc use is linux-only.
>>
>>
>
>I've found the equivalence in FreeBSD 5.3Beta1, and I'm sure that
>Solaris gets this info from /proc too, it was created for things like
>this
>
>This /proc use might be a problem when/if there are python/perl/...
>bindings, because that symlink would point to the interpreter, but I'm
>sure that it can be fixed with a plugin system (or simply custom
>functions) to parse /proc/$pid/cmdline. But anyway, I think that it's
>the most secure way to know that the app is authorized to use the agent
>
> Carlos
>
>
>
>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>> Alexander Larsson Red Hat, Inc
>> alexl at redhat.com alla at lysator.liu.se
>>He's a shy dishevelled romance novelist in a wheelchair. She's a vivacious
>>gold-digging femme fatale who dreams of becoming Elvis. They fight crime!
>>
>>
Just to throw a huge wrench into your perfect little plan, FreeBSD
6-CURRENT has deprecated /proc. You can simply not assume every unix has
a /proc.
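
Added example, not part of the original messages and not system-auth-agent's code: the /proc/<ppid>/exe lookup quoted above, written with bounded formatting, a truncation check, explicit NUL termination (readlink() does not terminate its buffer) and an exact-match allow-list. The names allowed_apps, read_link_target, is_allowed and parent_is_allowed and the allow-list entry are assumptions. It remains Linux-only and identifies only the file the parent was started from, not libraries loaded into it, which are the two limits raised in the thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed allow-list; the agent's real list format is not shown in the thread. */
static const char *const allowed_apps[] = { "/usr/bin/trusted_binary" };

/* Read a symlink target into out, NUL-terminated. 0 on success, -1 on error or possible truncation. */
static int read_link_target(const char *linkpath, char *out, size_t outsz)
{
    ssize_t n = readlink(linkpath, out, outsz);
    if (n < 0 || (size_t)n >= outsz)    /* n == outsz means the target may be cut off */
        return -1;
    out[n] = '\0';                       /* readlink() never writes the terminator */
    return 0;
}

/* Exact match only: a replaced binary reads back as "path (deleted)" and is refused. */
static int is_allowed(const char *exe)
{
    size_t i;
    for (i = 0; i < sizeof allowed_apps / sizeof allowed_apps[0]; i++)
        if (strcmp(exe, allowed_apps[i]) == 0)
            return 1;
    return 0;
}

/* Linux-only. Returns 1 if the parent's executable is listed, 0 if not, -1 on error. */
static int parent_is_allowed(void)
{
    char path[64], exe[PATH_MAX];
    pid_t ppid = getppid();

    snprintf(path, sizeof path, "/proc/%ld/exe", (long)ppid);
    if (read_link_target(path, exe, sizeof exe) != 0)
        return -1;                       /* no /proc, no permission, or parent gone */
    if (getppid() != ppid)               /* parent exited while we were looking */
        return -1;
    return is_allowed(exe);
}

int main(void)
{
    printf("parent allowed: %d\n", parent_is_allowed());
    return 0;
}
```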