Bug 20223 - libio: Implement vtable validation
Summary: libio: Implement vtable validation
Status: RESOLVED DUPLICATE of bug 20191
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: 2.24
: P2 normal
Target Milestone: ---
Assignee: Florian Weimer
Depends on:
Reported: 2016-06-08 12:24 UTC by Florian Weimer
Modified: 2016-06-09 12:22 UTC (History)
1 user (show)

See Also:
Last reconfirmed:
fweimer: security-


Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2016-06-08 12:24:47 UTC
There is a well-documented exploit technique which involves writing pointers to custom vtables for the stdio streams, thus hijacking code execution.

By default, we should reject invalid vtables.  For backwards compatibility with really old binaries (from the GCC 2.95 era), we need to provide some way to disable this hardening on demand.

Further background information about the libio ABI is available here:


This is just additional security hardening (despite existing exploits), so I'm flagging this issue as security-.
Comment 1 Florian Weimer 2016-06-09 12:22:43 UTC
Not sure what I was thinking ...

*** This bug has been marked as a duplicate of bug 20191 ***