From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#27429: Stack clash (CVE-2017-1000366 etc) Date: Mon, 19 Jun 2017 20:49:20 -0400 Message-ID: <20170620004920.GB31586@jasmine.lan> References: <20170619222550.GA29289@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="z6Eq5LdranGa6ru8" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42773) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dN7Mr-0004tA-9T for bug-guix@gnu.org; Mon, 19 Jun 2017 20:50:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dN7Mo-0002B9-5c for bug-guix@gnu.org; Mon, 19 Jun 2017 20:50:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:54080) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dN7Mo-0002B4-1F for bug-guix@gnu.org; Mon, 19 Jun 2017 20:50:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dN7Mn-0002WS-Ne for bug-guix@gnu.org; Mon, 19 Jun 2017 20:50:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42658) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dN7MD-0004s8-Iv for bug-guix@gnu.org; Mon, 19 Jun 2017 20:49:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dN7MA-00021G-Eq for bug-guix@gnu.org; Mon, 19 Jun 2017 20:49:25 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:42569) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dN7MA-000218-AN for bug-guix@gnu.org; Mon, 19 Jun 2017 20:49:22 -0400 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id A1955249CC for ; Mon, 19 Jun 2017 20:49:21 -0400 (EDT) Content-Disposition: inline In-Reply-To: <20170619222550.GA29289@jasmine.lan> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 27429@debbugs.gnu.org --z6Eq5LdranGa6ru8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On the glibc bugs (CVE-2016-1000366), civodul said: [21:02:26] lfam: i *think* GuixSD is immune to the LD_LIBRARY_PATH one, FWIW [...] [21:02:43] lfam: because of the way is_trusted_path works in glibc https://gnunet.org/bot/log/guix/2017-06-19#T1422600 Relevant upstream commits: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624] https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d ld.so: Reject overly long LD_PRELOAD path elements https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8 ld.so: Reject overly long LD_AUDIT path elements: https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9 --z6Eq5LdranGa6ru8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllIcRAACgkQJkb6MLrK fwgONg/+OnFiZM44mhmrP18ZFHlG25wwkyrOsCg4idsUlqiNDH1dJdthO1GUO+gh 1AeSs+sqgbZNo6MF4zw0Etn3XDPWzMmRcg+RmKezCSWcFcWa6/GKR2sugKJaHRXS 2uWcfPMq+56clhp39tYmUwIb53reF8diZbzXs/BSOWAQ+9G+pTbHk36lX3DBTSH0 lx+PT4BXl0HdpcrerVjthvqbolOqOjFP50pbdC9/IJqkLXWTb5i0jTDmhamr+WvM bm/MAch7c1RHJJwBFFcWjeet1lH0gGUlzrgFdHiwMBRjGNv3EYvXabbTBp0KgnHS hm+XGBpVOzKw1QavuotKOntCqZo9xaB7ME01GCf7iKBucnBLSsWsIX9E4Z7MY5r2 5ZO8PTR2XYnWgWz2MP4r/GSYpkDRM66MCGp0AA5uwJYo/2xTObAVgnDnB7cLOTf5 PNhi+CaQzWyIkEIeOukQUhqm8IPAE5GJbzO9bDgwNJXny9q44PwySmOBFsK9xfjR uBrXF2OAD8FNTmUoQgS6mmSuMU+WwD+2ad8hG0atPOst01mwe8AdZU8ozoAEEWsi 8xKG8aU9QRfAiNHdWjXRThtgtuK8rtOvLPLFcu5173iUhZG00Rwcy31ubXrU04Kn xuSrKaCHzHQz2OsQbPZag6U3Pbhg4aUiIeeuT6LUxr5u1fFpdTk= =L8BO -----END PGP SIGNATURE----- --z6Eq5LdranGa6ru8--