[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)
via llvm-commits
llvm-commits at lists.llvm.org
Fri Jun 7 03:55:45 PDT 2024
bigb4ng wrote:
@hctim
> Can you elaborate on what you're concerned about here? A user with SELinux permissions to run setuid binaries, and they use sanitizers as a trojan horse to execute syscalls they don't have access to? IMHO this is a "write bad SELinux, deal with consequences" problem. I highly doubt any setuid software is designed to not be used as a syscall trojan horse.
Sure! Mostly it's the same concern described in the original writeup: a user with SELinux permissions to run setuid binaries (which is not "bad SELinux" by itself) and a setuid binary compiled with ASAN for "extra security". As there is no warning not to compile setuid binaries with ASAN, it may seem harmless, and such setuids may end up in certain production environments.
The issue with SELinux in regard to dropping privilege is that the runtime domain is assigned based on, e.g., file attributes and by design cannot assume the privileges of the process owner.
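A defender-side check for the situation described in this thread, as an added example that is not part of the PR or the LLVM code base: it walks a tree and reports setuid/setgid ELF binaries that carry an ASan runtime marker, so such binaries can be found before they reach production. The marker strings are an assumption about how an ASan-instrumented binary looks (report strings from the statically linked runtime, or a dependency on the shared libclang_rt.asan library).

```python
import os
import stat

# Assumed markers of an ASan-instrumented ELF: the static runtime embeds its
# report strings and symbols, the shared runtime appears as a DT_NEEDED entry.
ASAN_MARKERS = (b"AddressSanitizer", b"__asan_init", b"libclang_rt.asan")


def is_setuid_or_setgid(path):
    """True for a regular file with the setuid or setgid bit set."""
    mode = os.lstat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def has_asan_runtime(path):
    """Heuristic: ELF file whose bytes contain any of the ASan markers."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF":
        return False
    return any(marker in data for marker in ASAN_MARKERS)


def find_sanitized_setuid(root):
    """Return sorted paths under root that are setuid/setgid and ASan-built."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_setuid_or_setgid(path) and has_asan_runtime(path):
                    hits.append(path)
            except OSError:
                # unreadable or vanished file: skip rather than abort the scan
                continue
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for hit in find_sanitized_setuid(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print("setuid/setgid binary built with ASan:", hit)
```

Run it against /usr (or a package staging directory) as part of a build or deployment check; a hit means the sanitizer runtime, and its log-file handling, will run with the binary's elevated privileges.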
https://github.com/llvm/llvm-project/pull/92593