Date: Thu, 19 Feb 2015 18:33:26 -0500 From: Stuart Gathman <stuart@...hman.org> To: oss-security@...ts.openwall.com Subject: Re: Fixing the glibc runtime linker On 02/19/2015 05:19 PM, Tim Brown wrote: > What's the fix? > > More often than not, the underlying issue is an empty element within the > DT_RPATH header or equivalent. Sometimes it's not, but even in those cases, it > is largely that one or more elements isn't qualifed (i.e. it doesn't start > with /). The attached patch fixes this, by ignoring any elements of DT_RPATH, > LD_LIBRARY_PATH that do not start with a /, and/or junking any use of dlopen > where the filename is likewise unqualified. > > Won't this break stuff? > > Maybe (certainly it is means a change to glibc behaviour), but more often than > not, the fact that a given binary currently works in an unsafe way is a bug - > and an exploitable one at that. Moreoever, Solaris has had a similar sanitity > check (in their case only for privileged setuid binaries) for a good number of > years without serious incident. I believe we should be fixing software that > exhibits the behaviour I've described, but this patch will (I think) kill the > bug class irrespective of that. There needs to be a way to log the paths being ignored - so at least some people will have a clue as to why their program doesn't work. I'm not sure what that way is.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ