From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 9 Jun 2009 10:07:25 +0400
From: Afanasov Dmitry
To: devel@lists.altlinux.org
Message-ID: <20090609060724.GA3989@ender.fondinvestrk.ru>
Mail-Followup-To: devel@lists.altlinux.org
References: <20090608142236.GC8215@ender.fondinvestrk.ru> <20090608162557.GA8104@atlas.home>
In-Reply-To: <20090608162557.GA8104@atlas.home>
Subject: Re: [devel] Q: capset after pthread_create (droproot patch for 3proxy)
Reply-To: ALT Linux Team development discussions
List-Id: ALT Linux Team development discussions

On Mon, Jun 08, 2009 at 08:25:57PM +0400, Sergey Vlasov wrote:
> On Mon, Jun 08, 2009 at 06:22:37PM +0400, Afanasov Dmitry wrote:
> > Question: how do I set this after the fact for all spawned threads?
>
> Only by somehow ensuring that capset() is called in every thread that
> needs it (however, when clone() runs as part of pthread_create() calls,
> the result of capset() will be inherited).
>
> > If there is no way, drop_root will have to be written into five or so extra files.
>
> When adding it, keep in mind that the set*id() functions implemented
> in glibc act on the whole process.
[...]

Thank you very much for the information. That is actually what I had in mind at the start: to spread the setuid calls across the threads.

On Mon, Jun 08, 2009 at 11:52:08PM +0400, Dmitry V. Levin wrote:
> On Mon, Jun 08, 2009 at 06:22:37PM +0400, Afanasov Dmitry wrote:
> > Question: how do I set this after the fact for all spawned threads?
> > If there is no way, drop_root will have to be written into five or so extra files.
>
> Sergey has already written about the technical aspect. As for security,
> it is better to drop root before spawning the threads.

That is exactly the option I will have to use.
At first I did not want to, because "drop_root() before pthread_create()"
means "setuid() before readconfig()". And since the config is "interpreted",
its commands are executed immediately, including the setuid commands and
pthread_create(subsystem).

So the setuid, setgid and chroot commands will have to be thrown out of 3proxy.conf
and implemented entirely as command-line parameters, not as a supplement.

> a situation can arise where, for example, one thread is still running with
> root privileges while another is already unprivileged and is handling
> client requests.

At the moment that is exactly what happened, which is why my question came up.
I will rework it.

-- 
Best regards,
Afanasov Dmitry
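
The ordering recommended in the thread (drop root while the process is still single-threaded, then call pthread_create()), as an added C example that is not 3proxy code and not code from any of the posters. The names drop_root, worker, start_workers_after_drop and NWORKERS are hypothetical, and the raw SYS_getuid/SYS_geteuid calls assume 64-bit Linux.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define NWORKERS 4   /* hypothetical worker count for this demo */

/* Drop to uid/gid while no other thread exists. Groups and gid go first,
 * uid last: after setuid() the process can no longer change its groups. */
int drop_root(uid_t uid, gid_t gid)
{
    /* Supplementary groups are cleared only when root is really given up. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* A drop that can be undone is not a drop: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Each worker reads its own credentials with raw syscalls, bypassing
 * glibc, because the Linux kernel tracks credentials per thread. */
static void *worker(void *arg)
{
    uid_t want = *(uid_t *)arg;
    long ok = (uid_t)syscall(SYS_getuid) == want &&
              (uid_t)syscall(SYS_geteuid) == want;
    return (void *)ok;
}

/* Returns how many workers run with the dropped uid, or -1 on failure. */
int start_workers_after_drop(uid_t uid, gid_t gid)
{
    pthread_t tid[NWORKERS];
    int n = 0, good = 0;

    if (drop_root(uid, gid) != 0)          /* before any pthread_create() */
        return -1;
    while (n < NWORKERS && pthread_create(&tid[n], NULL, worker, &uid) == 0)
        n++;
    for (int i = 0; i < n; i++) {
        void *ret;
        pthread_join(tid[i], &ret);
        good += (ret != NULL);
    }
    return n == NWORKERS ? good : -1;
}
```

Because every thread is created after the drop, each one inherits the reduced credentials at clone() time and no window exists in which a root thread runs beside a client-facing one.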