Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Feb 2015 18:33:26 -0500
From: Stuart Gathman <stuart@...hman.org>
To: oss-security@...ts.openwall.com
Subject: Re: Fixing the glibc runtime linker

On 02/19/2015 05:19 PM, Tim Brown wrote:
> What's the fix?
>
> More often than not, the underlying issue is an empty element within the
> DT_RPATH header or equivalent. Sometimes it's not, but even in those cases, it
> is largely that one or more elements isn't qualifed (i.e. it doesn't start
> with /). The attached patch fixes this, by ignoring any elements of DT_RPATH,
> LD_LIBRARY_PATH that do not start with a /, and/or junking any use of dlopen
> where the filename is likewise unqualified.
>
> Won't this break stuff?
>
> Maybe (certainly it is means a change to glibc behaviour), but more often than
> not, the fact that a given binary currently works in an unsafe way is a bug -
> and an exploitable one at that. Moreoever, Solaris has had a similar sanitity
> check (in their case only for privileged setuid binaries) for a good number of
> years without serious incident. I believe we should be fixing software that
> exhibits the behaviour I've described, but this patch will (I think) kill the
> bug class irrespective of that.
There needs to be a way to log the paths being ignored - so at least 
some people will have a clue as to why their program doesn't work. I'm 
not sure what that way is.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ