This is the mail archive of the
mailing list for the glibc project.
Re: [bug-gettext] intl: Proof against invalid offset/length
- From: Florian Weimer <fweimer at redhat dot com>
- To: Daiki Ueno <ueno at gnu dot org>
- Cc: "Carlos O'Donell" <carlos at redhat dot com>, Bruno Haible <bruno at clisp dot org>, bug-gettext at gnu dot org, Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Mon, 23 Mar 2015 15:14:20 +0100
- Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
On 03/21/2015 04:17 AM, Daiki Ueno wrote:
> Florian Weimer <email@example.com> writes:
>> The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
>> issetugid on other systems, but which I cannot test). It is not going
>> to be very portable.
> I see (though I'm a bit confused that you removed the use of
> __libc_enable_secure in CVE-2014-0475). Can't you use secure_getenv,
> for which Gnulib provides a replacement, compare the result with
> the normal getenv, and apply the pathname check if needed?
Hmm, I was under the impression that absolute paths for LANGUAGE were a
supported feature. If that's not the case, we can just reject directory
traversal and confine lookups to the system locale directory, like we
did for the other locale files.
Florian Weimer / Red Hat Product Security
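
The "reject directory traversal" option from the message above, sketched as an added example; it is not code from this thread, glibc or gettext. It assumes LANGUAGE is a colon-separated list whose elements are appended under the system locale directory, and `filter_language_list` is a hypothetical helper name.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if one LANGUAGE element is a plain locale name: no '/', and not
   "." or "..", so appending it to the locale directory cannot leave it. */
static bool element_is_confined(const char *s, size_t len)
{
    if (len == 0 || memchr(s, '/', len) != NULL)
        return false;
    if (s[0] == '.' && (len == 1 || (len == 2 && s[1] == '.')))
        return false;
    return true;
}

/* Copy the confined elements of a colon-separated LANGUAGE value into out,
   skipping absolute paths and traversal elements.  Returns the number of
   elements kept, or -1 if out is too small.  Hypothetical helper. */
int filter_language_list(const char *value, char *out, size_t outsz)
{
    size_t used = 0;
    int kept = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (const char *p = value;; ) {
        size_t len = strcspn(p, ":");
        if (element_is_confined(p, len)) {
            size_t need = len + (kept > 0 ? 1 : 0);   /* ':' separator */
            if (used + need + 1 > outsz)
                return -1;
            if (kept > 0)
                out[used++] = ':';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
            kept++;
        }
        if (p[len] == '\0')
            return kept;
        p += len + 1;
    }
}

int main(void)
{
    char buf[64];
    /* Constructed sample value, not taken from the thread. */
    int n = filter_language_list("de_DE:../../tmp/x:/abs/dir:fr", buf, sizeof buf);
    printf("%d kept: %s\n", n, buf);
    return 0;
}
```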