This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [bug-gettext] intl: Proof against invalid offset/length
- From: Florian Weimer <fweimer at redhat dot com>
- To: Daiki Ueno <ueno at gnu dot org>
- Cc: "Carlos O'Donell" <carlos at redhat dot com>, Bruno Haible <bruno at clisp dot org>, bug-gettext at gnu dot org, Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Mon, 23 Mar 2015 15:14:20 +0100
- Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
- Authentication-results: sourceware.org; auth=none
- References: <m3oao06pj3 dot fsf-ueno at gnu dot org> <54FFE323 dot 4000704 at redhat dot com> <5962708 dot Sqr89sjBty at linuix dot haible dot de> <5502F437 dot 5060405 at redhat dot com> <5502F4C9 dot 8050304 at redhat dot com> <m3sid0eaup dot fsf-ueno at gnu dot org> <550BE3F1 dot 20300 at redhat dot com> <87egojyr82 dot fsf-ueno at gnu dot org>
On 03/21/2015 04:17 AM, Daiki Ueno wrote:
> Florian Weimer <fweimer@redhat.com> writes:
>
>> The patch will use getauxval(AT_SECURE) or __libc_enable_secure (or
>> issetugid on other systems, but which I cannot test). It is not going
>> to be very portable.
>
> I see (though I'm a bit confused that you removed the use of
> __libc_enable_secure in CVE-2014-0475). Can't you use secure_getenv,
> for which Gnulib provides a replacement, compare the result with
> the normal getenv, and apply the pathname check if needed?
Hmm, I was under the impression that absolute paths for LANGUAGE were a
supported feature. If that's not the case, we can just reject directory
traversal and confine lookups to the system locale directory, like we
did for the other locale files.
--
Florian Weimer / Red Hat Product Security
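The check Daiki suggests above, written out as an added C example that is not part of this thread, gettext or glibc: plain and secure stand for the results of getenv("LANGUAGE") and secure_getenv("LANGUAGE") (assumed to be passed in by the caller), and the rule that a LANGUAGE component may never contain a path separator is an assumption, stricter than anything the thread settles on.

```c
#include <stdlib.h>
#include <string.h>

/* One locale name ("de_DE.UTF-8", "en") is safe when it cannot leave
   <localedir>/<name>/LC_MESSAGES: it contains no '/' and is not "." or "..".
   (Assumption for this example: LANGUAGE never legitimately carries a path.) */
int language_component_is_safe(const char *name, size_t len)
{
    if (len == 0 || memchr(name, '/', len) != NULL)
        return 0;
    if ((len == 1 && name[0] == '.') || (len == 2 && name[0] == '.' && name[1] == '.'))
        return 0;
    return 1;
}

/* LANGUAGE is a colon-separated priority list ("de_DE:de:en").  Every
   non-empty component must pass; empty components are skipped, as gettext
   itself ignores them.  Returns 0 for a list with no usable component. */
int language_list_is_safe(const char *list)
{
    int seen = 0;
    const char *p = list;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len > 0) {
            if (!language_component_is_safe(p, len))
                return 0;
            seen = 1;
        }
        if (sep == NULL)
            return seen;
        p = sep + 1;
    }
}

/* plain is getenv("LANGUAGE"), secure is secure_getenv("LANGUAGE").  When they
   differ the process runs in AT_SECURE (setuid/setgid) mode, so the pathname
   check is applied; in a normal process the value is used as before. */
int language_lookup_allowed(const char *plain, const char *secure)
{
    if (plain == NULL)
        return 0;
    int secure_mode = secure == NULL || strcmp(plain, secure) != 0;
    return secure_mode ? language_list_is_safe(plain) : 1;
}
```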