Bug 21463

Summary: [linux] Linux compatability mode should not allow setuid programs
Product: Base System Reporter: Kris Kennaway <kris>
Component: kernAssignee: freebsd-emulation (Nobody) <emulation>
Status: Closed FIXED    
Severity: Affects Only Me CC: emaste, jamie, kib, lwhsu, trasz
Priority: Normal    
Version: 1.0-RELEASE   
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 247219    

Description Kris Kennaway freebsd_committer freebsd_triage 2000-09-22 01:50:00 UTC 
Linux compat mode should disallow the execution of setugid applications
by default, to protect us against linux userland vulnerabilities as well
as subtle interactions between the kernel privilege model in Linux and
FreeBSD which may introduce security problems of its own (e.g. allowing
a linux binary to do things which a freebsd native binary compiled from 
the same code cannot do)

We don't have any setugid binaries installed from the linux_base and
linux_devtools ports so this won't affect the default system. I suggest
a sysctl, defaulting to off, which controls whether or not emulated
binaries can run with privileges.

This is also an issue with other binary compatability systems like SVR4
and should also be fixed there too.
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2000-09-22 01:51:35 UTC 
Responsible Changed
From-To: freebsd-bugs->marcel

Marcel maintains the Linux compat code
Comment 2 Marcel Moolenaar freebsd_committer freebsd_triage 2001-11-18 06:15:43 UTC 
Responsible Changed
From-To: marcel->emulation

Assign to emulation@FreeBSD.org. It is not going to be addressed if 
it's assigned to me and I don't do it. Maintainership of the Linuxulator 
has been passed on to emulation@FreeBSD.org as well.
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2011-09-24 05:13:31 UTC 
State Changed
From-To: open->suspended

suspended awaiting patches
Comment 4 Eitan Adler freebsd_committer freebsd_triage 2011-09-24 05:32:53 UTC 
Responsible Changed
From-To: freebsd-emulation->eadler

ping gcooper in a few weeks about this
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2012-05-07 04:49:00 UTC 
State Changed
From-To: suspended->open

suspended is not appropriate for real bugs
Comment 6 Eitan Adler freebsd_committer freebsd_triage 2012-06-19 07:55:37 UTC 
Responsible Changed
From-To: eadler->freebsd-bugs

not going to get to this one for some time so return to the pool
Comment 7 Eitan Adler freebsd_committer freebsd_triage 2012-11-26 23:24:10 UTC 
---------- Forwarded message ----------
From: Marcin Cieslak <saper@saper.info>
Date: 26 November 2012 16:24
Subject: Re: kern/21463: [linux] Linux compatability mode should not
allow setuid programs
To: freebsd-emulation@freebsd.org


We implement AT_UID and AT_GID process auxillary vector
(procstat -x) elements so at least userland library
(such as glibc) has a possibility to enter "secure mode"
on startup.

Not sure if there is anything we can do more (except
for disabling the feature altogether) to tell userland
to be careful.

//Marcin

_______________________________________________
freebsd-emulation@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org"


-- 
Eitan Adler
Comment 8 saper 2012-11-26 23:30:51 UTC 
From: Marcin Cieslak <saper@saper.info>
Newsgroups: gmane.os.freebsd.devel.emulation
Subject: Re: kern/21463: [linux] Linux compatability mode should not allow setuid programs

We implement AT_UID and AT_GID process auxillary vector
(procstat -x) elements so at least userland library
(such as glibc) has a possibility to enter "secure mode"
on startup.

Not sure if there is anything we can do more (except
for disabling the feature altogether) to tell userland
to be careful.

//Marcin

_______________________________________________
freebsd-emulation@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org"
Comment 9 Eitan Adler freebsd_committer freebsd_triage 2012-11-27 01:44:53 UTC 
---------- Forwarded message ----------
From: Mateusz Guzik <mjguzik@gmail.com>
Date: 26 November 2012 20:42
Subject: Re: kern/21463: [linux] Linux compatability mode should not
allow setuid programs
To: freebsd-bugs@freebsd.org


Hi,

I think we should go a step futher and get per-jail support for
enabling/disabling Linux compatibility support, possibly along with the
ability to control sugid programs.

I don't have time to work on this at the moment though.

--
Mateusz Guzik <mjguzik gmail.com>
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"


-- 
Eitan Adler
Comment 10 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:15 UTC 
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 11 Konstantin Belousov freebsd_committer freebsd_triage 2021-01-14 13:58:24 UTC 
https://reviews.freebsd.org/D28154
Comment 12 commit-hook freebsd_committer freebsd_triage 2021-06-06 19:26:40 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=598f6fb49c9ca688029b79de0a44227ab79c608c

commit 598f6fb49c9ca688029b79de0a44227ab79c608c
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-01-14 13:51:52 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-06-06 18:43:00 +0000

    linuxolator: Add compat.linux.setid_allowed knob

    PR:     21463
    Reported by:    kris
    Reviewed by:    dchagin
    Tested by:      trasz
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D28154

 share/man/man4/linux.4             | 14 +++++++++++++-
 sys/amd64/linux/linux_sysvec.c     |  1 +
 sys/amd64/linux32/linux32_sysvec.c |  1 +
 sys/arm64/linux/linux_sysvec.c     |  1 +
 sys/compat/linux/linux_mib.c       | 12 ++++++++++++
 sys/compat/linux/linux_mib.h       |  3 +++
 sys/i386/linux/linux_sysvec.c      |  2 ++
 7 files changed, 33 insertions(+), 1 deletion(-)
Comment 13 commit-hook freebsd_committer freebsd_triage 2021-06-13 01:38:33 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=dc107fe1f939c7d4c5575868202b4cd3edf3e846

commit dc107fe1f939c7d4c5575868202b4cd3edf3e846
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-01-14 13:51:52 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-06-13 01:22:33 +0000

    linuxolator: Add compat.linux.setid_allowed knob

    PR:     21463

    (cherry picked from commit 598f6fb49c9ca688029b79de0a44227ab79c608c)

 share/man/man4/linux.4             | 14 +++++++++++++-
 sys/amd64/linux/linux_sysvec.c     |  1 +
 sys/amd64/linux32/linux32_sysvec.c |  1 +
 sys/arm64/linux/linux_sysvec.c     |  1 +
 sys/compat/linux/linux_mib.c       | 12 ++++++++++++
 sys/compat/linux/linux_mib.h       |  3 +++
 sys/i386/linux/linux_sysvec.c      |  2 ++
 7 files changed, 33 insertions(+), 1 deletion(-)