Date: Fri, 15 Jan 2016 13:56:33 +0100 From: Yann Droneaud <ydroneaud@...eya.com> To: oss-security@...ts.openwall.com Subject: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Hi, Le vendredi 15 janvier 2016 à 12:06 +0100, Florian Weimer a écrit : > On 01/14/2016 06:13 PM, Qualys Security Advisory wrote: > > Internal stdio buffering is the most severe of the three problems > > discussed in this section, although GNU/Linux is not affected > > because the glibc mmap()s and munmap()s (and therefore cleanses) > > stdio buffers. > > This will change in glibc 2.23, stdio will use regular malloc and > free for its buffers. I did not expect this change to have security > implications. Considering that the actual bug lies elsewhere, and > stdio usage is based on copying out of the buffer (so leaks can still > happen elsewhere), I do not wish to revert this change. > Would setvbuf(stream, NULL, _IONBF, 0); be used to disable buffer before reading/writting sensible data to a stream ? What about a buffering flag (_IOSBF) that would enable "secure" handling of the buffer, that is, on fclose() and fflush(), write back and cleanse buffer on output stream, cleanse buffer on input stream ? Regards. -- Yann Droneaud OPTEYA
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ