From proff@profane.iq.org  Sat Feb  1 09:56:21 1997
Received: from profane.iq.org (profane.iq.org [203.4.184.217])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA02095;
          Sat, 1 Feb 1997 09:56:06 -0800 (PST)
Received: (from proff@localhost)
          by profane.iq.org (8.8.4/8.8.2) id EAA07388;
          Sun, 2 Feb 1997 04:57:29 +1100 (EST)
Message-Id: <199702011757.EAA07388@profane.iq.org>
Date: Sun, 2 Feb 1997 04:57:29 +1100 (EST)
From: Julian Assange <proff@iq.org>
Reply-To: proff@iq.org
To: FreeBSD-gnats-submit@freebsd.org, rms@gnu.ai.mit.edu, dyson@freebsd.org
Subject: <Synopsis of the problem (one line)> rtld patches for easy creation of chroot environments
X-Send-Pr-Version: 3.2

>Number:         2634
>Category:       bin
>Synopsis:       rtld patches for easy creation of chroot environments
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb  1 10:00:01 PST 1997
>Closed-Date:    Sun Feb 23 06:54:44 PST 1997
>Last-Modified:  Sun Feb 23 06:59:00 PST 1997
>Originator:     Julian Assange
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:

	

>Description:

[note to rms: can you bounce this to whoever is responsible for gnu rtld?
 my distribution doesn't have any contact details :(]

Creation of chrooted() environments is normally quite a difficult
affair and impossible to do securely without source modification
of the program to be executed [otherwise you have executables or
shared library images in the chrooted() area].

The following patches allow very easy creation of chrooted areas, without
source modification, or unsafe static linking or copying of library images.

e.g.

# export LD_CHROOT=/usr/local/chroot/named
# named

	

>How-To-Repeat:

	

>Fix:
	
	


--- src/gnu/usr.bin/ld/rtld/rtld.c~	Sun Feb  2 04:29:16 1997
+++ src/gnu/usr.bin/ld/rtld/rtld.c	Sun Feb  2 04:21:36 1997
@@ -194,6 +194,7 @@
 static char		*ld_tracing;
 static char		*ld_suppress_warnings;
 static char		*ld_warn_non_pure_code;
+static char		*ld_chroot;
 
 struct so_map		*link_map_head;
 struct so_map		*link_map_tail;
@@ -411,6 +412,13 @@
 	(void)close(crtp->crt_ldfd);
 	anon_close();
 
+	if (ld_chroot) {
+		if (chdir(ld_chroot) !=0 ||
+		    chroot(ld_chroot) !=0 ||
+		    chdir("/") !=0)
+			err(1, "LD_CHROOT(%s) failed", ld_chroot);
+	}
+
 	return LDSO_VERSION_HAS_DLEXIT;
 }
 
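Review bot: Nothing in the new block before `return LDSO_VERSION_HAS_DLEXIT;` changes the process credentials, and chroot(2) only succeeds for the superuser, so a program started this way runs as root inside the new root unless it drops privileges itself. State that requirement in rtld.1 or in a comment above the block, since a root process is not confined by chroot() alone. The call also sits after `close(crtp->crt_ldfd)` and `anon_close()`, so anything opened by path later, further shared objects included, is looked up under the new root; that deserves a sentence in the documentation too. Style: write `!= 0` with a space before the zero.
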
@@ -2037,6 +2045,7 @@
 	L("LD_BIND_NOW=",		0, &ld_bind_now)
 	L("LD_SUPPRESS_WARNINGS=",	0, &ld_suppress_warnings)
 	L("LD_WARN_NON_PURE_CODE=",	0, &ld_warn_non_pure_code)
+	L("LD_CHROOT=",			1, &ld_chroot)
 	{ NULL, 0, NULL }
 };
 #undef L
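Review bot: The `L("LD_CHROOT=", 1, &ld_chroot)` entry passes 1 as its second argument where the three neighbouring entries pass 0, and the table gives no hint of what that field means. The rtld.1 hunk says the variable is ignored for set-user-ID and set-group-ID programs, so please confirm that this field is what enforces it and add a short comment saying so, because honouring LD_CHROOT in a set-user-ID program would let the caller pick the root directory a privileged binary runs in.
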
--- src/gnu/usr.bin/ld/rtld/rtld.1~	Sun Feb  2 04:29:10 1997
+++ src/gnu/usr.bin/ld/rtld/rtld.1	Sun Feb  2 04:24:51 1997
@@ -117,6 +117,9 @@
 the directories specified by LD_LIBRARY_PATH will be searched first
 followed by the set of built-in standard directories.
 This is ignored for set-user-ID and set-group-ID programs.
+.It Ev LD_CHROOT
+Directory to chroot() to immediately after linking.
+This is ignored for set-user-ID and set-group-ID programs.
 .It Ev LD_BIND_NOW
 When set to a nonempty string, causes
 .Nm
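Review bot: The new `.It Ev LD_CHROOT` entry leaves out the behaviour a user needs to know: the rtld.c hunk exits through `err(1, "LD_CHROOT(%s) failed", ...)` when chdir() or chroot() fails, and chroot(2) fails for anyone but the superuser, so the variable aborts the program for ordinary users rather than being ignored. Document the failure behaviour and the superuser requirement, and refer to the call as `.Xr chroot 2` instead of the bare "chroot()".
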
@@ -219,6 +222,7 @@
 .Sh SEE ALSO
 .Xr ld 1 ,
 .Xr link 5 ,
-.Xr ldconfig 8
+.Xr ldconfig 8 ,
+.Xr chroot 2
 .Sh HISTORY
 The shared library model employed first appeared in SunOS 4.0
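Review bot: In the SEE ALSO list, `.Xr chroot 2` is appended after `.Xr ldconfig 8 ,`, which breaks the ordering the existing entries follow (section 1, then 5, then 8). Place it between `.Xr ld 1 ,` and `.Xr link 5 ,` with a trailing comma so `.Xr ldconfig 8` stays the last entry and needs no change.
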
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sun Feb 23 06:54:44 PST 1997 
State-Changed-Why:  

The actual advantage of using this feature has not been documented to 
exceed the very high threshold it has to cross to get to mess with the 
shared library mechanism. 

There seems no overwhelming reason not to call this creeping featurism 
or downright bloat, and the feature is of use only in environments where 
you would already have had to hack the sources heavily, qed: perfect 
fodder for a local enhancement. 

closed. 
>Unformatted:
