From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
libc-alpha@sourceware.org
Cc: Carlos O'Donell <carlos@redhat.com>, Arjun Shankar <arjun@redhat.com>
Subject: Re: [committed 2/2] tunables: Terminate if end of input is reached (CVE-2023-4911)
Date: Tue, 3 Oct 2023 14:16:17 -0400 [thread overview]
Message-ID: <a60c7193-a2c8-abf5-4246-373245e86db3@sourceware.org> (raw)
In-Reply-To: <51a2d2d6-883b-44e5-b857-33337d3260e0@linaro.org>
On 2023-10-03 14:07, Adhemerval Zanella Netto wrote:
> So how should we handle what might be inconsistent invalid inputs like:
>
> glibc.malloc.mmap_threshold=4096=4096
>
> Since glibc does not provide any TUNABLE_SECLEVEL_NONE, this tunables
> will be ignored. But for TUNABLE_SECLEVEL_NONE one, the value is
> still parsed by _dl_strtoul or stored in the tunable.
>
Ack, it probably makes sense to drop all tunables that don't match at
this stage. Arjun is going to rework the parsing for pr#30683 and it
probably makes sense to, in addition to enhancing the parsing, also weed
out invalid inputs and harden around allocations for the tunable string
to provide some resilience against overflows.
The other aspect to think about may be the utility of passing tunables
to (or through) setuid programs. I had done it to maintain
compatibility with the malloc envvars that were getting passed through,
but maybe it's a good idea to filter all of them out. Perhaps with
systemwide tunables we could even have a way for tunables to be read in
sxid programs in a safer way.
Thanks,
Sid
next prev parent reply other threads:[~2023-10-03 18:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-03 17:08 [committed] CVE-2023-4911 Siddhesh Poyarekar
2023-10-03 17:08 ` [committed 1/2] Propagate GLIBC_TUNABLES in setxid binaries Siddhesh Poyarekar
2023-10-03 17:08 ` [committed 2/2] tunables: Terminate if end of input is reached (CVE-2023-4911) Siddhesh Poyarekar
2023-10-03 18:07 ` Adhemerval Zanella Netto
2023-10-03 18:16 ` Siddhesh Poyarekar [this message]
2023-10-04 12:20 ` Adhemerval Zanella Netto
2023-10-04 12:34 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a60c7193-a2c8-abf5-4246-373245e86db3@sourceware.org \
--to=siddhesh@sourceware.org \
--cc=adhemerval.zanella@linaro.org \
--cc=arjun@redhat.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).