dynamically linked suid binaries - Request for enlightment

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

dynamically linked suid binaries - Request for enlightment

Tilo Stritzky
Hi list,

while doing some reading on secure software development
(//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
I came across the advice "always link your priviliged binaries
statically".

However a quick check on my system revealed me almost all suid/sgid
programs being dynamically linked (the two exceptions traceroute/traceroute6
startle me even more).

Since the advice makes sense to me (it keeps some rather
complicated machinery out of delicate matters)
I'm wondering why it is not followed on OpenBSD.

Are there other ways to simply 'do this right'?

I would apreciate any pointers for further reading on that matter.

No trolling intended, I'm just curious.

kind regards
tilo

Reply | Threaded
Open this post in threaded view
|

Re: dynamically linked suid binaries - Request for enlightment

Otto Moerbeek
On Fri, 10 Feb 2006, Tilo Stritzky wrote:

> Hi list,
>
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice "always link your priviliged binaries
> statically".
>
> However a quick check on my system revealed me almost all suid/sgid
> programs being dynamically linked (the two exceptions traceroute/traceroute6
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.
>
> Are there other ways to simply 'do this right'?
>
> I would apreciate any pointers for further reading on that matter.

Read man ld.so. The dynamic linker has special provisions to handle
s/guid programs.  

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: dynamically linked suid binaries - Request for enlightment

Theo de Raadt
In reply to this post by Tilo Stritzky
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice "always link your priviliged binaries
> statically".
>
> However a quick check on my system revealed me almost all suid/sgid
> programs being dynamically linked (the two exceptions traceroute/traceroute6
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.

Early in the days of shared libraries, a lot of vendors had bugs in
their ld.so code, and the most risky ones were for setuid programs
of course.  Very small bugs, which got fixed in time.

This resulted in the "meme" amongst people to "link setuid programs
statically".

We all know that driving cars fast causes more accidents.  Right?
That is a meme of the same quality.

The problem is that once bugs are fixed, and noone makes them anymore
the stupid people keep parroting the same concepts.

That is hardly surprising.

(BTW, about 10 years ago, FreeBSD had a bug in their crt0 that made
every single setuid and setgid program vulnerable.  Did a meme arise
to not "link against the C run time startup code"?  Nope.  Of course
not.)