Message-ID: <CABz95_B=geCCmA7SO0raoaoG0GnQJd9dWag23StnRu3j3MgaKQ@mail.gmail.com>
Date: Sat, 14 Jun 2014 17:27:33 +0100
From: Steven Honeyman <stevenhoneyman@...il.com>
To: musl@...ts.openwall.com
Subject: Re: Binaries compiled with musl (1.1.2) are vulnerable to an ancient ldd exploit

A quick search suggests it's been "patched" in Debian, Redhat, Owl
glibc packages at least, but not upstream yet for some reason.


If that libc-alpha commit makes it through (eventually!) then agreed,
this is no longer an issue.


On 14 June 2014 17:24, Rich Felker <dalias@...c.org> wrote:
> On Sat, Jun 14, 2014 at 08:14:01PM +0400, Solar Designer wrote:
>> Rich,
>>
>> On Sat, Jun 14, 2014 at 12:02:43PM -0400, Rich Felker wrote:
>> > (Actually, I think
>> > this issue may be fixed in modern glibc ldd, but I'm not sure.)
>>
>> IIRC, we have this worked around in patched glibc's ldd on Owl by having
>> it always explicitly run the program through /lib/ld-linux.so.2, which
>> obviously does interpret its env vars that the ldd script sets.  That ldd
>> script assumes glibc's /lib/ld-linux.so.2 anyway (env vars, exit codes).
>
> One improvement to this, if one wants to support multiple glibc
> installations with different interpreters, would be parsing the
> PT_INTERP from the binary, then exec'ing it in a way that inhibits
> suid if the pointed-to binary happens to be suid. (One idea is
> open+fstat+fexecve; another is ptrace+exec, where ptrace just serves
> to inhibit suid.)
>
>> I don't know why upstream glibc would not(?) patch the issue that way.
>> It's a trivial change.  Is there some WONTFIX for this in glibc Bugzilla
>> already?  Sounds like material for your blog if so. ;-)
>
> There was a new patch for this issue on the libc-alpha list back in
> March of this year, but I don't think it's been committed yet. See
> "[PATCH] Never try to execute the file in ldd", Message-ID:
> <mvma9cfobqi.fsf@...king.suse.de>.
>
> Rich
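The quoted exchange describes the fix in the abstract: instead of letting the ldd script exec the target binary (and therefore whatever loader its PT_INTERP names, with the LD_TRACE_LOADED_OBJECTS environment that only a glibc ld.so honours), read PT_INTERP out of the file yourself, only drive a loader you recognise, and do the open+fstat step before exec'ing it so a setuid interpreter cannot be used. The following C is an added example written for this page, not code from musl, glibc or Owl. It assumes little-endian ELF64 input, a hypothetical allowlist of loader paths, and stops at the open+fstat check rather than performing the fexecve (the sample ELF image it checks is constructed in-process):

```c
/* Added example (not musl/glibc/Owl code): a "safe ldd" front end that reads
 * PT_INTERP from an ELF64 image, refuses loaders outside an allowlist, and
 * refuses a setuid/setgid loader before it would be exec'd with
 * LD_TRACE_LOADED_OBJECTS=1 and the target as its argument. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* ELF64 headers laid out per the ELF spec (no <elf.h>, so this also builds
 * where that header is absent). */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;
#define PT_INTERP 3

/* Hypothetical allowlist: the only loaders this wrapper is willing to run. */
static const char *const trusted_interps[] = {
    "/lib/ld-linux.so.2", "/lib64/ld-linux-x86-64.so.2",
    "/lib/ld-musl-x86_64.so.1", NULL
};

/* Copy the PT_INTERP string out of a little-endian ELF64 image. Returns 0 on
 * success, -1 if it is not ELF64, has no PT_INTERP, or any header points
 * outside the buffer (the input is untrusted; that is the whole point). */
int elf64_get_interp(const unsigned char *img, size_t len, char *out, size_t outlen)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[4] != 2 /* ELFCLASS64 */ || img[5] != 1 /* ELFDATA2LSB */) return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len ||
        eh.e_phnum > (len - eh.e_phoff) / sizeof(Elf64_Phdr)) return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_INTERP) continue;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
        if (ph.p_filesz == 0 || ph.p_filesz > outlen) return -1;
        const char *s = (const char *)img + ph.p_offset;
        if (s[ph.p_filesz - 1] != '\0' || strlen(s) != ph.p_filesz - 1) return -1;
        memcpy(out, s, ph.p_filesz);
        return 0;
    }
    return -1;
}

/* A loader we do not know is just attacker-chosen code; never exec it. */
int interp_is_trusted(const char *interp)
{
    for (size_t i = 0; trusted_interps[i]; i++)
        if (strcmp(interp, trusted_interps[i]) == 0) return 1;
    return 0;
}

/* The open+fstat half of the mail's open+fstat+fexecve idea: returns an fd
 * for the loader, or -1 if it cannot be opened or is setuid/setgid. */
int open_interp_checked(const char *interp)
{
    struct stat st;
    int fd = open(interp, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & (S_ISUID | S_ISGID))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* -1: not a usable ELF64; 0: trusted loader; 1: untrusted loader (refuse). */
int ldd_decide(const unsigned char *img, size_t len, char *interp, size_t outlen)
{
    if (elf64_get_interp(img, len, interp, outlen) != 0) return -1;
    return interp_is_trusted(interp) ? 0 : 1;
}

/* Constructed test input: a minimal ELF64 image whose only program header is
 * PT_INTERP naming `interp`. Returns the image size, 0 if it does not fit. */
size_t build_sample_elf(unsigned char *buf, size_t cap, const char *interp)
{
    size_t ilen = strlen(interp) + 1;
    size_t total = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) + ilen;
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    if (cap < total) return 0;
    memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7);
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_INTERP; ph.p_offset = sizeof eh + sizeof ph;
    ph.p_filesz = ph.p_memsz = ilen; ph.p_align = 1;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + sizeof eh + sizeof ph, interp, ilen);
    return total;
}

/* Build an image naming `interp` and return ldd_decide's verdict on it. */
int demo_case(const char *interp)
{
    unsigned char img[256];
    char found[128];
    size_t n = build_sample_elf(img, sizeof img, interp);
    return ldd_decide(img, n, found, sizeof found);
}

int main(void)
{
    const char *cases[] = { "/lib64/ld-linux-x86-64.so.2", "/tmp/evil/ld.so" };
    for (int i = 0; i < 2; i++)
        printf("%s: %s\n", cases[i], demo_case(cases[i]) == 0 ? "trusted" : "REFUSED");
    return 0;
}
```

The parser refuses rather than guesses whenever the headers are inconsistent, because ldd's input is by definition a file someone asked you to inspect rather than run. The allowlist is on the path string found in the file, while the setuid check is on the fd actually opened, which is the fd a fexecve would consume; checking the path and then exec'ing by name again would reopen the TOCTOU window. Upstream glibc's "Never try to execute the file in ldd" patch mentioned in the mail takes the first approach (always invoking the known loader explicitly), which is simpler still.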
