Linux compat mode should disallow the execution of setugid applications by default, to protect us against linux userland vulnerabilities as well as subtle interactions between the kernel privilege model in Linux and FreeBSD which may introduce security problems of its own (e.g. allowing a linux binary to do things which a freebsd native binary compiled from the same code cannot do) We don't have any setugid binaries installed from the linux_base and linux_devtools ports so this won't affect the default system. I suggest a sysctl, defaulting to off, which controls whether or not emulated binaries can run with privileges. This is also an issue with other binary compatability systems like SVR4 and should also be fixed there too.
Responsible Changed From-To: freebsd-bugs->marcel Marcel maintains the Linux compat code
Responsible Changed From-To: marcel->emulation Assign to emulation@FreeBSD.org. It is not going to be addressed if it's assigned to me and I don't do it. Maintainership of the Linuxulator has been passed on to emulation@FreeBSD.org as well.
State Changed From-To: open->suspended suspended awaiting patches
Responsible Changed From-To: freebsd-emulation->eadler ping gcooper in a few weeks about this
State Changed From-To: suspended->open suspended is not appropriate for real bugs
Responsible Changed From-To: eadler->freebsd-bugs not going to get to this one for some time so return to the pool
---------- Forwarded message ---------- From: Marcin Cieslak <saper@saper.info> Date: 26 November 2012 16:24 Subject: Re: kern/21463: [linux] Linux compatability mode should not allow setuid programs To: freebsd-emulation@freebsd.org We implement AT_UID and AT_GID process auxillary vector (procstat -x) elements so at least userland library (such as glibc) has a possibility to enter "secure mode" on startup. Not sure if there is anything we can do more (except for disabling the feature altogether) to tell userland to be careful. //Marcin _______________________________________________ freebsd-emulation@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-emulation To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org" -- Eitan Adler
From: Marcin Cieslak <saper@saper.info> Newsgroups: gmane.os.freebsd.devel.emulation Subject: Re: kern/21463: [linux] Linux compatability mode should not allow setuid programs We implement AT_UID and AT_GID process auxillary vector (procstat -x) elements so at least userland library (such as glibc) has a possibility to enter "secure mode" on startup. Not sure if there is anything we can do more (except for disabling the feature altogether) to tell userland to be careful. //Marcin _______________________________________________ freebsd-emulation@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-emulation To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org"
---------- Forwarded message ---------- From: Mateusz Guzik <mjguzik@gmail.com> Date: 26 November 2012 20:42 Subject: Re: kern/21463: [linux] Linux compatability mode should not allow setuid programs To: freebsd-bugs@freebsd.org Hi, I think we should go a step futher and get per-jail support for enabling/disabling Linux compatibility support, possibly along with the ability to control sugid programs. I don't have time to work on this at the moment though. -- Mateusz Guzik <mjguzik gmail.com> _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org" -- Eitan Adler
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
https://reviews.freebsd.org/D28154
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=598f6fb49c9ca688029b79de0a44227ab79c608c commit 598f6fb49c9ca688029b79de0a44227ab79c608c Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2021-01-14 13:51:52 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2021-06-06 18:43:00 +0000 linuxolator: Add compat.linux.setid_allowed knob PR: 21463 Reported by: kris Reviewed by: dchagin Tested by: trasz Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D28154 share/man/man4/linux.4 | 14 +++++++++++++- sys/amd64/linux/linux_sysvec.c | 1 + sys/amd64/linux32/linux32_sysvec.c | 1 + sys/arm64/linux/linux_sysvec.c | 1 + sys/compat/linux/linux_mib.c | 12 ++++++++++++ sys/compat/linux/linux_mib.h | 3 +++ sys/i386/linux/linux_sysvec.c | 2 ++ 7 files changed, 33 insertions(+), 1 deletion(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=dc107fe1f939c7d4c5575868202b4cd3edf3e846 commit dc107fe1f939c7d4c5575868202b4cd3edf3e846 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2021-01-14 13:51:52 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2021-06-13 01:22:33 +0000 linuxolator: Add compat.linux.setid_allowed knob PR: 21463 (cherry picked from commit 598f6fb49c9ca688029b79de0a44227ab79c608c) share/man/man4/linux.4 | 14 +++++++++++++- sys/amd64/linux/linux_sysvec.c | 1 + sys/amd64/linux32/linux32_sysvec.c | 1 + sys/arm64/linux/linux_sysvec.c | 1 + sys/compat/linux/linux_mib.c | 12 ++++++++++++ sys/compat/linux/linux_mib.h | 3 +++ sys/i386/linux/linux_sysvec.c | 2 ++ 7 files changed, 33 insertions(+), 1 deletion(-)