From nobody@FreeBSD.ORG  Thu Sep 21 17:48:42 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 1689137B43E; Thu, 21 Sep 2000 17:48:42 -0700 (PDT)
Message-Id: <20000922004842.1689137B43E@hub.freebsd.org>
Date: Thu, 21 Sep 2000 17:48:42 -0700 (PDT)
From: kris@freebsd.org
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: Linux compatability mode should not allow setuid programs
X-Send-Pr-Version: www-1.0

>Number:         21463
>Category:       kern
>Synopsis:       [linux] Linux compatability mode should not allow setuid programs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 21 17:50:00 PDT 2000
>Closed-Date:    
>Last-Modified:  Tue Nov 27 01:50:00 UTC 2012
>Originator:     Kris Kennaway
>Release:        
>Organization:
>Environment:
>Description:
Linux compat mode should disallow the execution of setugid applications
by default, to protect us against linux userland vulnerabilities as well
as subtle interactions between the kernel privilege model in Linux and
FreeBSD which may introduce security problems of its own (e.g. allowing
a linux binary to do things which a freebsd native binary compiled from 
the same code cannot do)

We don't have any setugid binaries installed from the linux_base and
linux_devtools ports so this won't affect the default system. I suggest
a sysctl, defaulting to off, which controls whether or not emulated
binaries can run with privileges.

This is also an issue with other binary compatability systems like SVR4
and should also be fixed there too.

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->marcel 
Responsible-Changed-By: kris 
Responsible-Changed-When: Thu Sep 21 17:51:35 PDT 2000 
Responsible-Changed-Why:  
Marcel maintains the Linux compat code 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21463 
Responsible-Changed-From-To: marcel->emulation 
Responsible-Changed-By: marcel 
Responsible-Changed-When: Sat Nov 17 22:15:43 PST 2001 
Responsible-Changed-Why:  
Assign to emulation@FreeBSD.org. It is not going to be addressed if 
it's assigned to me and I don't do it. Maintainership of the Linuxulator 
has been passed on to emulation@FreeBSD.org as well. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21463 
State-Changed-From-To: open->suspended 
State-Changed-By: eadler 
State-Changed-When: Sat Sep 24 04:13:31 UTC 2011 
State-Changed-Why:  
suspended awaiting patches 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21463 
Responsible-Changed-From-To: freebsd-emulation->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sat Sep 24 04:32:53 UTC 2011 
Responsible-Changed-Why:  
ping gcooper in a few weeks about this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21463 
State-Changed-From-To: suspended->open 
State-Changed-By: eadler 
State-Changed-When: Mon May 7 03:49:00 UTC 2012 
State-Changed-Why:  
suspended is not appropriate for real bugs 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21463 
Responsible-Changed-From-To: eadler->freebsd-bugs 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Tue Jun 19 06:55:37 UTC 2012 
Responsible-Changed-Why:  
not going to get to this one for some time so return to the pool 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21463 

From: Eitan Adler <lists@eitanadler.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/21463: [linux] Linux compatability mode should not allow
 setuid programs
Date: Mon, 26 Nov 2012 18:24:10 -0500

 ---------- Forwarded message ----------
 From: Marcin Cieslak <saper@saper.info>
 Date: 26 November 2012 16:24
 Subject: Re: kern/21463: [linux] Linux compatability mode should not
 allow setuid programs
 To: freebsd-emulation@freebsd.org
 
 
 We implement AT_UID and AT_GID process auxillary vector
 (procstat -x) elements so at least userland library
 (such as glibc) has a possibility to enter "secure mode"
 on startup.
 
 Not sure if there is anything we can do more (except
 for disabling the feature altogether) to tell userland
 to be careful.
 
 //Marcin
 
 _______________________________________________
 freebsd-emulation@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
 To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org"
 
 
 -- 
 Eitan Adler

From: Marcin Cieslak <saper@l.saper.info>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Fwd: Re: kern/21463: [linux] Linux compatability mode should not
 allow setuid programs
Date: Mon, 26 Nov 2012 23:30:51 +0000

 From: Marcin Cieslak <saper@saper.info>
 Newsgroups: gmane.os.freebsd.devel.emulation
 Subject: Re: kern/21463: [linux] Linux compatability mode should not allow setuid programs
 
 We implement AT_UID and AT_GID process auxillary vector
 (procstat -x) elements so at least userland library
 (such as glibc) has a possibility to enter "secure mode"
 on startup.
 
 Not sure if there is anything we can do more (except
 for disabling the feature altogether) to tell userland
 to be careful.
 
 //Marcin
 
 _______________________________________________
 freebsd-emulation@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
 To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org"
 

From: Eitan Adler <lists@eitanadler.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/21463: [linux] Linux compatability mode should not allow
 setuid programs
Date: Mon, 26 Nov 2012 20:44:53 -0500

 ---------- Forwarded message ----------
 From: Mateusz Guzik <mjguzik@gmail.com>
 Date: 26 November 2012 20:42
 Subject: Re: kern/21463: [linux] Linux compatability mode should not
 allow setuid programs
 To: freebsd-bugs@freebsd.org
 
 
 Hi,
 
 I think we should go a step futher and get per-jail support for
 enabling/disabling Linux compatibility support, possibly along with the
 ability to control sugid programs.
 
 I don't have time to work on this at the moment though.
 
 --
 Mateusz Guzik <mjguzik gmail.com>
 _______________________________________________
 freebsd-bugs@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
 To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"
 
 
 -- 
 Eitan Adler
>Unformatted:
