On [Wed, 19.09.2007 17:53], Dmitry V. Levin wrote:
> On Wed, Sep 19, 2007 at 04:30:03PM +0300, Kirill A. Shutemov wrote:
> > On [Wed, 19.09.2007 17:19], Dmitry V. Levin wrote:
> > > On Wed, Sep 19, 2007 at 04:14:33PM +0300, Kirill A. Shutemov wrote:
> [...]
> > > > nologin.c: Rewrite without glibc at all (#10729)
> > > >
> > > > It is not entirely clear why this was done or how it could have fixed the bug. Can glibc be
> > > > brought back?
> > >
> > > If glibc is brought back, #10729 will come back.
> >
> > And what is the cause of this bug?
>
> Incorrect static linking without libc.
>
> Why does nologin need to be linked without libc? Let me quote (too lazy to translate):
>
> "The dynamic linker and libc startup code checks a number of environment
> variables, which may seriously alter the behavior of the starting
> program - up to execution of arbitrary code (other than that found in
> the program). Login services such as telnetd/login and sshd allow for
> initial environment variables to be passed from the remote. This has
> actually been used to break into systems in the past.
>
> Now, modern/patched versions of login services use whitelists of
> known-safe environment variables - and allow only for those environment
> variables to be passed from the remote.
>
> But we can feel a little bit safer if our disabled accounts' "shells"
> would not be subject to this risk at all - and the only currently
> practical way to achieve that is to avoid the use of the dynamic linker
> and libc."
>

In short, the _syscallX macros were thrown out of the kernel headers, with the advice to use libc's syscall() instead:

David Woodhouse:
  The limited subset of old userland which elected to use _syscallX()
  instead of libc's syscall(), and which can be fixed fairly easily.

http://lkml.org/lkml/2006/8/28/61

libc cannot be used in this case. What are we going to do?

-- 
Regards, Kirill A. Shutemov
 + Belarus, Minsk
 + Velesys LLC, http://www.velesys.com/
 + ALT Linux Team, http://www.altlinux.com/
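
Added example, not part of the original message and not the ALT Linux nologin.c: one way to issue system calls with neither the removed _syscallX macros nor libc is a small inline-assembly wrapper. The names `raw_syscall3`, `nologin_run` and `NOLOGIN_FREESTANDING` and the message text are assumptions made for this sketch, which covers Linux on x86_64 and aarch64 only.

```c
/* Added example: a nologin that needs neither libc nor the dynamic linker.
 * Assumed stand-alone build (Linux, gcc), on one line:
 *   gcc -Os -static -nostdlib -nostartfiles -ffreestanding
 *       -DNOLOGIN_FREESTANDING nologin.c -o nologin */
#if defined(__x86_64__)
#define NR_write 1
#define NR_exit 60
static long raw_syscall3(long nr, long a, long b, long c)
{
    long ret;
    /* The syscall instruction clobbers rcx and r11; the result is in rax. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a), "S"(b), "d"(c)
                      : "rcx", "r11", "memory");
    return ret;            /* >= 0 on success, -errno on failure */
}
#elif defined(__aarch64__)
#define NR_write 64
#define NR_exit 93
static long raw_syscall3(long nr, long a, long b, long c)
{
    register long x8 __asm__("x8") = nr;   /* syscall number */
    register long x0 __asm__("x0") = a;    /* first argument and result */
    register long x1 __asm__("x1") = b;
    register long x2 __asm__("x2") = c;
    __asm__ volatile ("svc #0" : "+r"(x0) : "r"(x8), "r"(x1), "r"(x2) : "memory");
    return x0;             /* >= 0 on success, -errno on failure */
}
#else
#error "provide raw_syscall3() for this architecture"
#endif

static const char msg[] = "This account is currently not available.\n";

/* Print the refusal on fd and return the exit status a nologin should use. */
static int nologin_run(int fd)
{
    raw_syscall3(NR_write, fd, (long)msg, (long)(sizeof(msg) - 1));
    return 1;
}

#ifdef NOLOGIN_FREESTANDING
/* Kernel entry point: no crt1, no ld.so, and the environment is never read. */
void _start(void)
{
    raw_syscall3(NR_exit, nologin_run(1), 0, 0);
    for (;;) { }           /* not reached */
}
#endif
```

Because no libc startup code and no dynamic linker run before `_start`, variables passed in by a login service are never interpreted by this binary.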