From: "fweimer at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/25812] Libio vtable protection is sometimes only partially enforced
Date: Fri, 22 Apr 2022 10:31:22 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: stdio
X-Bugzilla-Version: 2.31
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: fweimer at redhat dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: 2.36
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields: flagtypes.name target_milestone resolution bug_status
X-Bugzilla-URL: http://sourceware.org/bugzilla/

https://sourceware.org/bugzilla/show_bug.cgi?id=25812

Florian Weimer changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
   Target Milestone|---                         |2.36
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #5 from Florian Weimer ---
Fixed for glibc 2.36 via:

commit 198abcbb94618730dae1b3f4393efaa49e0ec8c7
Author: Florian Weimer
Date:   Mon Apr 11 11:30:31 2022 +0200

    Default to --with-default-link=no (bug 25812)

    This is necessary to place the libio vtables into the RELRO segment.
    New tests elf/tst-relro-ldso and elf/tst-relro-libc are added to
    verify that this is what actually happens.

    The new tests fail on ia64 due to lack of (default) RELRO support
    in binutils, so they are XFAILed there.

I'm flagging this as security- because it is just a lack of intended
hardening, but not a vulnerability as such.
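The property the commit message describes, data lying inside the RELRO segment, can be checked from an ELF file's program headers. The following is an added example, not glibc's test code and not part of the original message; the sample ELF image and every address in it are constructed, and it handles little-endian ELF64 only.

```python
import struct

PT_LOAD = 1
PT_GNU_RELRO = 0x6474E552

def relro_ranges(elf: bytes):
    """Return [(start, end)] virtual address ranges of all PT_GNU_RELRO headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    ranges = []
    for i in range(e_phnum):
        # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz
        p_type, _, _, p_vaddr, _, _, p_memsz = struct.unpack_from(
            "<IIQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            ranges.append((p_vaddr, p_vaddr + p_memsz))
    return ranges

def in_relro(elf: bytes, addr: int, size: int) -> bool:
    """True only if [addr, addr+size) lies entirely inside one RELRO range.

    An object that straddles the end of the segment is reported as
    unprotected, because part of it stays writable after relocation.
    """
    return any(lo <= addr and addr + size <= hi for lo, hi in relro_ranges(elf))

def build_sample(relro_vaddr: int, relro_size: int) -> bytes:
    """Constructed input: an ELF64 header plus one PT_LOAD and one PT_GNU_RELRO."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 6, 0, 0x1000, 0x1000,
                       0x3000, 0x3000, 0x1000)
    relro = struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, relro_vaddr,
                        relro_vaddr, relro_size, relro_size, 1)
    return ehdr + load + relro

if __name__ == "__main__":
    elf = build_sample(0x2000, 0x800)
    # Hypothetical object placements, chosen to show each outcome.
    for name, addr, size in [("fully inside", 0x2400, 0x200),
                             ("straddles end", 0x2700, 0x200),
                             ("outside", 0x3000, 8)]:
        print(f"{name:14s} {addr:#x}+{size:#x} in RELRO: {in_relro(elf, addr, size)}")
```

For a real shared object, the address and size to test would come from the symbol table entry of the object of interest.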