| Summary: | sys-devel/gcc-4.{0,1,2,3,4}: -mudflap accepts environment variables if setuid | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | m4rvin |
| Component: | [OLD] Core system | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Keywords: | Inclusion |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://gcc.gnu.org/PR41433 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | gcc-4.4.x: fix $MUDFLAP_OPTIONS environment handling, based on gcc bug #41433 | ||
Created attachment 245389 [details] gcc-4.4.x: fix $MUDFLAP_OPTIONS environment handling, based on gcc bug #41433 all gcc-4.x versions before 4.5 have this issue Added to 4.4.4 patchset. Do we need any earlier versions? http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/gcc/4.4.4/gentoo/20_all_mudflap-setuid-env.patch?rev=1.1&view=markup yes, but i would just queue them up in the patch dir rather than doing revbumps on them all Released in 4.4.4-r2. Still have to do previous versions. older versions are supported as a courtesy. no need to go through the full release effort. |
at least sys-devel/gcc-4.{3,4} are affected by gcc bug #41433 when mudflap is enabled: "mudflap accepts options via $MUDFLAP_OPTIONS even when running setuid. -viol-gdb option invokes programs upon error detection which is bad. Note that NULL ptr derefs which are unexploitable in userspace programs, then become exploitable. Fix by either ignoring this variable for setuid's (other options are bad too; what worth a mudflap if it can be disabled for setuids which it should protect) or some other magic. " References: http://c-skills.blogspot.com/2009/09/gcc-fmudflap.html http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41433 Reproducible: Always Steps to Reproduce: