bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From: Efraim Flashner
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Tue, 20 Jun 2017 10:18:57 +0300
User-agent: Mutt/1.8.3 (2017-05-23) 
On Mon, Jun 19, 2017 at 08:49:20PM -0400, Leo Famulari wrote:
> On the glibc bugs (CVE-2016-1000366), civodul said:
> 
> [21:02:26]    <civodul>       lfam: i *think* GuixSD is immune to the 
> LD_LIBRARY_PATH one, FWIW
> [...]
> [21:02:43]    <civodul>       lfam: because of the way is_trusted_path works 
> in glibc
> 
> https://gnunet.org/bot/log/guix/2017-06-19#T1422600
> 
> Relevant upstream commits:
> 
> CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
> https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
> 
> ld.so: Reject overly long LD_PRELOAD path elements
> https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8
> 
> ld.so: Reject overly long LD_AUDIT path elements:
> https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9

I don't know if this is true or not, but I have a patch here locally
that seems to work against the CVE. I haven't downloaded the other
patches and added them, but with all the '(replacement #f)''s in place
it should just work to add them in to the glibc packages we have.

I'll wait and see before pushing the patch.


-- 
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Attachment: 0001-gnu-glibc-Patch-CVE-2017-1000366.patch
Description: Text document

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]