This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, Hector Marco-Gisbert <hecmargi at upv dot es>, GNU C Library <libc-alpha at sourceware dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>, Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Jaeger <aj at suse dot com>
- Cc: Ismael Ripoll Ripoll <iripoll at upv dot es>
- Date: Fri, 9 Oct 2015 21:59:43 -0400
- Subject: Re: [PATCH] Ignore LD_POINTER_GUARD for set-user-ID/set-group-ID binaries.
- Authentication-results: sourceware.org; auth=none
- References: <1441471191-4683-1-git-send-email-hecmargi at upv dot es> <56162CD0 dot 4070902 at redhat dot com>
On 10/08/2015 04:44 AM, Florian Weimer wrote:
> On 09/05/2015 06:39 PM, Hector Marco-Gisbert wrote:
>> A weakness in the dynamic loader have been found, Glibc prior to
>> 2.22.90 are affected. The issue is that the LD_POINTER_GUARD in the
>> environment is not sanitized allowing local attackers easily to bypass
>> the pointer guarding protection on set-user-ID and set-group-ID
>> programs.
>>
>> Details of the weakness:
>> http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
>>
>> This patch prevents to disable the pointer guarding protection for
>> set-user-ID/set-group-ID programs.
>>
>> For example, executing "LD_POINTER_GUARD=0 /bin/ping" does not disable
>> the pointer guarding protection unless it is directly executed by root
>> (rUID==eUID).
>
> Does anyone actually use LD_POINTER_GUARD for debugging? Maybe we can
> simply retire the environment variable instead.
I vote we remove it. It has long since passed the point of usefullness.
With a proper tunables infrastructure we would have added it in one release
while we tested things, and then removed it one or two releases later.
Cheers,
Carlos.