This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/20223] New: libio: Implement vtable validation
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 08 Jun 2016 12:24:47 +0000
- Subject: [Bug libc/20223] New: libio: Implement vtable validation
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20223
Bug ID: 20223
Summary: libio: Implement vtable validation
Product: glibc
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Flags: security-

There is a well-documented exploit technique which involves writing pointers to
custom vtables for the stdio streams, thus hijacking code execution.

By default, we should reject invalid vtables. For backwards compatibility with
really old binaries (from the GCC 2.95 era), we need to provide some way to
disable this hardening on demand.

Further background information about the libio ABI is available here:
https://sourceware.org/glibc/wiki/LibioVtables

This is just additional security hardening (despite existing exploits), so I'm
flagging this issue as security-.
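
The kind of check the report asks for, sketched as an added example (not glibc code and not part of the original report): a toy stream whose vtable pointer is accepted only if it points at an entry in a fixed table of known vtables. All type and function names, and the `hardening_enabled` opt-out switch, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a stream with a vtable pointer; every name is hypothetical. */
struct toy_vtable { int (*write)(const char *); int (*close)(void); };
struct toy_stream { int fd; const struct toy_vtable *vtable; };

static int file_write(const char *s) { return (int)strlen(s); }
static int mem_write(const char *s) { (void)s; return 0; }
static int any_close(void) { return 0; }
/* Constructed stand-in for a function an overwritten pointer might reach. */
static int rogue_write(const char *s) { (void)s; return 99; }

/* All legitimate vtables sit in one read-only array, so "valid" reduces to
   "points at an element of this array". */
static const struct toy_vtable known_vtables[] = {
    { file_write, any_close },
    { mem_write, any_close },
};
/* Constructed forged table located outside the array. */
static const struct toy_vtable forged_vtable = { rogue_write, any_close };

/* Assumed opt-out switch for old binaries that install their own vtables. */
static int hardening_enabled = 1;

int vtable_is_valid(const struct toy_vtable *vt) {
    uintptr_t off = (uintptr_t)vt - (uintptr_t)known_vtables;
    /* Unsigned wrap-around lets one compare reject both below and above. */
    if (off >= sizeof known_vtables) return 0;
    /* Reject pointers into the middle of an entry. */
    return off % sizeof(struct toy_vtable) == 0;
}

/* Validate before the indirect call. Returns -1 on rejection so the result
   can be inspected; real hardening would typically abort the process. */
int checked_write(const struct toy_stream *s, const char *msg) {
    if (hardening_enabled && !vtable_is_valid(s->vtable)) return -1;
    return s->vtable->write(msg);
}

int main(void) {
    struct toy_stream good = { 1, &known_vtables[0] };
    struct toy_stream bad = { 1, &forged_vtable };
    printf("good=%d bad=%d\n", checked_write(&good, "hello"),
           checked_write(&bad, "hello"));
    return 0;
}
```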