Date: Thu, 2 Sep 2010 19:17:59 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: dan.j.rosenberg@...il.com, coley@...us.mitre.org
Subject: Re: CVE id request: libc fortify source information disclosure

On Thu, 2 Sep 2010 12:23:23 -0400 Dan Rosenberg wrote:

> > It seems the fix would need to remove all possibly-useful info from
> > the error message.
> 
> The backtrace or memory map don't really contain any potentially
> sensitive information that couldn't be obtained otherwise.  It's just
> the reference to argv[0] (in glibc/debug/fortify_fail.c) that worries
> me, because this can be directly influenced to cause a printout of
> process memory.

In case of a failed stack protector check, it's still an attempt to
print out info based on what's known to be (partially) corrupted.

-- 
Tomas Hoger / Red Hat Security Response Team
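
Added example, not part of the original message and not glibc's code: one way a failure reporter can avoid reading argv[0] after corruption is to build its message only from constant text and a bounded, sanitized name captured at startup. All function names and the message layout are hypothetical, and it assumes the snapshot buffer in static storage is not itself reachable by the overflow.

```c
#include <string.h>
#include <unistd.h>

/* Hypothetical helper names; this is not glibc's implementation. */
static char saved_name[32] = "<unknown>";

/* Call once at the top of main(), before untrusted input is processed.
   Keeps a bounded, printable-only copy of the program's base name. */
void snapshot_progname(const char *argv0)
{
    const char *base;
    size_t i;

    if (argv0 == NULL)
        return;
    base = strrchr(argv0, '/');
    base = base ? base + 1 : argv0;
    if (base[0] == '\0')
        return;                          /* keep the "<unknown>" default */
    for (i = 0; base[i] != '\0' && i < sizeof saved_name - 1; i++)
        saved_name[i] = (base[i] >= 0x20 && base[i] < 0x7f) ? base[i] : '?';
    saved_name[i] = '\0';
}

/* Bounded append that always leaves room for the terminating NUL. */
static size_t append(char *out, size_t outsz, size_t pos, const char *s)
{
    while (*s != '\0' && pos + 1 < outsz)
        out[pos++] = *s++;
    return pos;
}

/* Build the report without touching argv or any stack-resident pointer.
   `kind` must be a string literal supplied by the caller. Returns length. */
size_t build_fail_report(char *out, size_t outsz, const char *kind)
{
    size_t pos = 0;

    if (outsz == 0)
        return 0;
    pos = append(out, outsz, pos, "*** ");
    pos = append(out, outsz, pos, kind);
    pos = append(out, outsz, pos, " ***: ");
    pos = append(out, outsz, pos, saved_name);
    pos = append(out, outsz, pos, " terminated\n");
    out[pos] = '\0';
    return pos;
}
```

A caller would run `snapshot_progname(argv[0])` first thing in `main()` and, on a failed check, pass the result of `build_fail_report()` to `write(STDERR_FILENO, ...)` before aborting.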
