
Re: [bug-gettext] intl: Proof against invalid offset/length


From: Florian Weimer
Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
Date: Mon, 23 Mar 2015 15:14:20 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 03/21/2015 04:17 AM, Daiki Ueno wrote:
> Florian Weimer <address@hidden> writes:
> 
>> The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
>> issetugid on other systems, but which I cannot test).  It is not going
>> to be very portable.
> 
> I see (though I'm a bit confused that you removed the use of
> __libc_enable_secure in CVE-2014-0475).  Can't you use secure_getenv,
> for which Gnulib provides a replacement, compare the result with
> the normal getenv, and apply the pathname check if needed?

Hmm, I was under the impression that absolute paths for LANGUAGE were a
supported feature.  If that's not the case, we can just reject directory
traversal and confine lookups to the system locale directory, like we
did for the other locale files.

-- 
Florian Weimer / Red Hat Product Security
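
Added example, not part of the original message and not code from gettext or glibc: a C sketch of the check discussed in this thread, where LANGUAGE elements are confined to plain names only when getenv and secure_getenv disagree. The function names and the policy of dropping offending elements are assumptions; the caller passes in the two lookup results.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* One LANGUAGE element is confined if it is a plain name: non-empty,
   no '/' (so neither absolute nor nested), and not "." or "..". */
static bool element_is_confined(const char *s, size_t len)
{
    if (len == 0 || memchr(s, '/', len) != NULL)
        return false;
    if (s[0] == '.' && (len == 1 || (len == 2 && s[1] == '.')))
        return false;
    return true;
}

/* plain = getenv("LANGUAGE"), secure = secure_getenv("LANGUAGE").
   secure is NULL while plain is set only in secure-execution mode,
   which is when the pathname check is needed. */
static bool needs_path_check(const char *plain, const char *secure)
{
    return plain != NULL && secure == NULL;
}

/* Copy the colon-separated elements of `plain` into `out`, dropping
   unconfined ones when the check applies (hypothetical policy).
   Returns the number of elements kept, or -1 if `out` is too small. */
int filter_language(const char *plain, const char *secure,
                    char *out, size_t outsz)
{
    bool check = needs_path_check(plain, secure);
    size_t used = 0;
    int kept = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (const char *p = plain; p != NULL && *p != '\0'; ) {
        size_t len = strcspn(p, ":");
        if (len > 0 && (!check || element_is_confined(p, len))) {
            if (used + len + (kept > 0) + 1 > outsz)
                return -1;
            if (kept > 0)
                out[used++] = ':';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
            kept++;
        }
        p += len + (p[len] == ':');
    }
    return kept;
}
```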


