Date: Thu, 2 Sep 2010 19:17:59 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: dan.j.rosenberg@...il.com, coley@...us.mitre.org
Subject: Re: CVE id request: libc fortify source information disclosure

On Thu, 2 Sep 2010 12:23:23 -0400 Dan Rosenberg wrote:

> > It seems the fix would need to remove all possibly-useful info from
> > the error message.
>
> The backtrace or memory map don't really contain any potentially
> sensitive information that couldn't be obtained otherwise. It's just
> the reference to argv (in glibc/debug/fortify_fail.c) that worries
> me, because this can be directly influenced to cause a printout of
> process memory.

In case of stack protector failed check, it's still an attempt to
print-out info based on what's known to be (partially) corrupted.

--
Tomas Hoger / Red Hat Security Response Team
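The concern raised in this message, as an added example that is not part of the original post and is not glibc's code: a failure report that dereferences a pointer held in writable process state is compared with one that emits only fixed text. The struct, the function names and the sample strings are hypothetical, the message layout is only modelled on the glibc abort message, and the corruption is simulated by a plain assignment.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of process state that lives in writable memory,
   standing in for a saved argv[0] pointer (hypothetical struct). */
struct proc_state {
    const char *argv0;
};

/* Pattern discussed in the thread: the report dereferences a pointer
   that memory corruption may already have changed. */
static int report_trusting_state(const struct proc_state *st, const char *what,
                                 char *out, size_t n)
{
    return snprintf(out, n, "*** %s ***: %s terminated\n", what, st->argv0);
}

/* Hardened form: no pointer read from process state reaches the output;
   the program name is replaced by a fixed placeholder. */
static int report_constants_only(const char *what, char *out, size_t n)
{
    return snprintf(out, n, "*** %s ***: <unknown> terminated\n", what);
}

/* Returns 1 if the report text contains the marker string. */
static int report_contains(const char *report, const char *marker)
{
    return strstr(report, marker) != NULL;
}

/* Simulates the corrupted state by assignment (no real overflow).
   Bit 0: trusting report exposed the unrelated buffer.
   Bit 1: constants-only report exposed it. */
static int demo(void)
{
    static const char unrelated[] = "CONSTRUCTED-SECRET-VALUE";
    struct proc_state st = { "./prog" };
    char a[128], b[128];

    st.argv0 = unrelated;   /* stands in for the overwritten pointer */
    report_trusting_state(&st, "stack smashing detected", a, sizeof a);
    report_constants_only("stack smashing detected", b, sizeof b);
    return report_contains(a, unrelated) | (report_contains(b, unrelated) << 1);
}

int main(void)
{
    printf("leak mask: %d\n", demo());
    return 0;
}
```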