From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 102421 invoked by alias); 4 Feb 2019 15:36:34 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 102410 invoked by uid 89); 4 Feb 2019 15:36:34 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_NUMSUBJECT,KAM_SHORT,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=arrived X-Spam-Status: No, score=-26.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_NUMSUBJECT,KAM_SHORT,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: mail-qt1-f194.google.com Received: from mail-qt1-f194.google.com (HELO mail-qt1-f194.google.com) (209.85.160.194) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 04 Feb 2019 15:36:33 +0000 Received: by mail-qt1-f194.google.com with SMTP id i7so271613qtj.10 for ; Mon, 04 Feb 2019 07:36:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=5aeayWZ0ocvI/tY5JHIX+Bm0kN5qPb50Qtla9bwmNY0=; b=hA7TVv6CubsZAreyJrSO4uPvAS68S0gc3bxsct3HxKNCWU0RZU/nV2KShEOW2nXebj 6dFX8bAl7h0y2BG8P3aHLXGZ5+LldgeiywUT6l9AbWJf8sALAVd0FjmgFb6JQgYSLaDI DgkHN0cLEucOm5qE21J6UwnG8r3nmJ9JaYtNA3YTinJuq5hHlkdGFBiEbetjjFaGhUts S0rvkP1T+48rn5NfghV00zh2Uovaj1y80XuKj8YANjVjccNZ4qAmia2L7n4xYTd7uhzU NOABtuif+X04sLgVGSG238lHQ6d2bCuInD197JQANJdDhGPrc/aF04ArZtj0zBWy49gH s3WA== X-Gm-Message-State: AJcUukdwkN+bVWtC/cDJoijQKDrKb7iFK4QHhxS2oOlVvPS7b/yCSRJ2 BGVRTcQGIYfbscKCkGxaxbGQuCjitbeGew== X-Google-Smtp-Source: ALg8bN61uzv2FhhdqX9IWSXvos6qvVNLoOU29U8OtE1+qG53iwZQu7rdwhaas70NHDrYEw53yhubbg== X-Received: by 2002:a0c:80a8:: with SMTP id 37mr49486249qvb.191.1549294591046; Mon, 04 Feb 2019 07:36:31 -0800 (PST) Received: from [10.150.73.190] (75.sub-174-228-15.myvzw.com. [174.228.15.75]) by smtp.gmail.com with ESMTPSA id h68sm8654652qkb.82.2019.02.04.07.36.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Feb 2019 07:36:30 -0800 (PST) Subject: Re: Backporting CVE-2016-10739 To: Florian Weimer , Aurelien Jarno Cc: libc-stable@sourceware.org References: <20190204134254.GA13816@aurel32.net> <871s4nppu4.fsf@oldenburg2.str.redhat.com> <87r2cno9qq.fsf@oldenburg2.str.redhat.com> From: Carlos O'Donell Openpgp: preference=signencrypt Organization: Red Hat Message-ID: <0a9daa70-7ea9-1ebd-8690-04b6ff2acd88@redhat.com> Date: Tue, 01 Jan 2019 00:00:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <87r2cno9qq.fsf@oldenburg2.str.redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SW-Source: 2019-02/txt/msg00010.txt.bz2 On 2/4/19 10:26 AM, Florian Weimer wrote: > That didn't work due to linking failures in the test suite. > > Here's something less ambitious. It retains the ABI for testing, but > patches nscd to use its own private copy. > > (I have not put this on the branch due to Bugzilla spam this would > cause.) This was a non-causal v2 of your first patch. It arrived while I was reviewing the first one, and I like this one much more. > Thanks, > Florian > > nscd: Do not use __inet_aton_exact@GLIBC_PRIVATE [BZ #20018] OK. > > This commit avoids referencing the __inet_aton_exact@GLIBC_PRIVATE > symbol from nscd. In master, the separately-compiled getaddrinfo > implementation in nscd needs it, however such an internal ABI change > is not desirable on a release branch if it can be avoided easily. OK. Good note. > 2019-02-04 Florian Weimer > > [BZ #20018] > nscd: Do not rely on new GLIBC_PRIVATE ABI after CVE-2016-10739 fix. > * nscd/nscd-inet_addr.c: New file. Build resolv/inet_addr.c for > nscd, without public symbols. > * nscd/Makefile (nscd-modules): Add it. > > diff --git a/nscd/Makefile b/nscd/Makefile > index b713a84c49..eb23c01a39 100644 > --- a/nscd/Makefile > +++ b/nscd/Makefile > @@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \ > getsrvbynm_r getsrvbypt_r servicescache \ > dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \ > xmalloc xstrdup aicache initgrcache gai res_hconf \ > - netgroupcache > + netgroupcache nscd-inet_addr OK. Add a new object to nscd. > > ifeq ($(build-nscd)$(have-thread-library),yesyes) > > diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c > new file mode 100644 > index 0000000000..ce42ba3ea8 > --- /dev/null > +++ b/nscd/nscd-inet_addr.c > @@ -0,0 +1,30 @@ > +/* Legacy IPv4 text-to-address functions. Version for nscd. > + Copyright (C) 2019 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +#include > + Please add a comment explaining why this is here. > +/* Declare __inet_aton_exact as hidden, so that it does not get > + exported from nscd. */ > +__typeof__ (__inet_aton_exact) __inet_aton_exact attribute_hidden; > + > +/* Do not provide definitions of the public symbols exported from > + libc. */ > +#undef weak_alias > +#define weak_alias(from, to) > + > +#include > Can we kill the prototype from the public header and use an internal header? It seems messy to leave that prototype for the GLIBC_PRIVATE symbol in the public header. It might tempt people to workaround the linkage protection. -- Cheers, Carlos.