Date: Thu, 2 Sep 2010 17:56:39 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: Re: CVE id request: libc fortify source information disclosure

On Tue, 31 Aug 2010 16:02:14 -0400 (EDT) Steven M. Christey wrote:

> The risk may be very minimal, but the FORTIFY_SOURCE protection
> mechanism is not working "as advertised" - it can be manipulated for
> an admittedly-small information leak.

For the sake of correctness, the protective technology that kicks in in
Dan's example is the stack protector, not FORTIFY_SOURCE.  Though it's
probably still glibc to blame for using the same error-reporting
function in both cases.


On Wed, 25 Aug 2010 21:49:20 +0200 Nico Golde wrote:

> As this also works for setuid programs it would be nice to get one
> assigned and have this patched.

It seems the fix would need to remove all possibly-useful info from the
error message.

-- 
Tomas Hoger / Red Hat Security Response Team
