| Summary: | sys-libs/glibc fails to sanitize environment for setuid binaries | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Pavel Labushev <pavel.labushev> |
| Component: | [OLD] Core system | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | normal | CC: | mkl |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
fix
to supplement the fix |
||
|
Description
Pavel Labushev
2010-10-25 11:22:58 UTC
Created attachment 251933 [details, diff]
fix
that patch really should be sent upstream to libc-alpha@sourceware.org (In reply to comment #2) > that patch really should be sent upstream to libc-alpha@sourceware.org It's clear the upstream won't accept it. They try to handle each insercure LD_* variable in a secure way for setuid/setgid binaries (and occasionally fail). So it's up to Gentoo to accept the patch or not. Maybe just for glibc[hardened] or for glibc[-debug]. But please, don't underestimate the risks. To quote Tavis Ormandy: <taviso> my money is on LD_HWCAP_MASK breaking next, it's just plain wrong. And note that LD_HWCAP_MASK is handled in the same loop before unsecure_envvars filtering, so just adding it to UNSECURE_ENVVARS would give nothing for security. Created attachment 252129 [details, diff]
to supplement the fix
If anyone cares, more UNSECURE_ENVVARS as per recommendation of Tavis Ormandy.
|
