This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow

From: Mike Frysinger <vapier at gentoo dot org>
To: Carlos O'Donell <carlos at redhat dot com>
Cc: Nix <nix at esperi dot org dot uk>, GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 17 Feb 2016 17:20:23 -0500
Subject: Re: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
Authentication-results: sourceware.org; auth=none
References: <56C32C20 dot 1070006 at redhat dot com> <56C32DB0 dot 7090409 at redhat dot com> <87k2m3owqt dot fsf at esperi dot org dot uk> <56C4E997 dot 7090700 at redhat dot com>

On 17 Feb 2016 16:43, Carlos O'Donell wrote:
> It's a very good idea. I think we should stack protect libresolv, libdl,
> nscd, etc, and we do already. Extending that is only going to be a good
> thing.

on a related note, seems like nscd should take advantage of seccomp &
namespaces when available.  that would also significantly mitigate on
systems.  any reason to not ?
-mike

Attachment: signature.asc
Description: Digital signature

Follow-Ups:
- Re: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
  - From: Carlos O'Donell

References:
- [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
  - From: Carlos O'Donell
- Re: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
  - From: Nix
- Re: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]