This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: CVE-2009-4273 for stap 1.0?
- From: Tony Jones <tonyj at suse dot de>
- To: Dave Brolley <brolley at redhat dot com>
- Cc: SystemTAP <systemtap at sources dot redhat dot com>
- Date: Wed, 3 Feb 2010 11:47:06 -0800
- Subject: Re: CVE-2009-4273 for stap 1.0?
- References: <20100128051807.GA25969@suse.de> <4B61BFA7.5020809@redhat.com>
On Thu, Jan 28, 2010 at 11:47:35AM -0500, Dave Brolley wrote:
> Hi Tony,
>
> RHEL55 will soon rebase to systemtap 1.1 which contains the fix, so
> there are currently no plans to backport the fix to 1.0.
>
> If you need to backport to 1.0, I would be happy to help with any
> problems you may encounter. To help get you started, I've attached a
> list of the changes needed to complete the fix.
>
> Please use the public mailing list (systemtap@sources.redhat.com)
> for any further questions.
As part of verifying the backport I tried initially to reproduce the problem
in the un-fixed code based on the "horror cases" mentioned at:
http://sourceware.org/bugzilla/show_bug.cgi?id=11105#c1
I tried various forms based on the "stap-client -D 'asdf ; ls /etc' ..."
case, but I guess I'm not understanding the side-effects. I assumed the above
would result in some form of extraneous output at the client side?
I guess I'd welcome some concrete examples that demonstrate the exploit if
you have a spare couple of minutes. Either on or off-list is fine.
Thanks
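The "horror case" named above, a -D value carrying `; ls /etc`, is the classic shape of a shell-metacharacter injection: if the receiving side splices the client's argument into a command line that a shell parses, everything after the `;` runs as a second command. The following is an added example written for this archive page, not code from systemtap or from stap-server, and it does not reproduce stap-server 1.0's actual code path; it models the flawed pattern with `echo` standing in for the real binary, beside two hardened forms. The marker payload `asdf ; echo INJECTED` is a constructed stand-in for the page's `asdf ; ls /etc` (same separator, harmless second command), and `MACRO_RE` is an assumed acceptance policy for what a -D argument may look like.

```python
import re
import shlex
import subprocess

# The "horror case" quoted from bug 11105 in the message above: a -D value
# that carries shell metacharacters.
HORROR_CASE = "asdf ; ls /etc"

# Constructed stand-in with the same shape: same ';' separator, but the
# injected command only prints a marker instead of listing /etc.
MARKER_CASE = "asdf ; echo INJECTED"

# Assumed acceptance policy for a -D argument: a C-style macro NAME or
# NAME=VALUE, with VALUE limited to a conservative character set.
MACRO_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(=[A-Za-z0-9_./+-]*)?$")


def _sh(cmd):
    """Run one command line through sh -c and return its stdout lines."""
    out = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_interpolated(define):
    """Model of the flawed pattern: the client-supplied -D value is spliced
    verbatim into a shell command line. 'echo' stands in for the real stap
    binary so the model itself is harmless; the shell still sees every
    metacharacter in `define`, so the part after ';' runs as its own command."""
    return _sh(f"echo stap -D {define}")


def run_quoted(define):
    """If a shell is unavoidable, quote the untrusted value so the shell treats
    it as one word. The ';' then reaches the program as data, not a separator."""
    return _sh(f"echo stap -D {shlex.quote(define)}")


def is_valid_define(define):
    """Allow-list check: does this look like a macro definition and nothing else?"""
    return MACRO_RE.fullmatch(define) is not None


def run_checked(define):
    """Hardened form: validate first, then exec with an argv list (no shell)."""
    if not is_valid_define(define):
        raise ValueError(f"rejected -D argument: {define!r}")
    out = subprocess.run(["echo", "stap", "-D", define],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("interpolated:", run_interpolated(MARKER_CASE))
    print("quoted:      ", run_quoted(MARKER_CASE))
    print("valid?       ", is_valid_define(HORROR_CASE), is_valid_define("DEBUG=1"))
    print("checked:     ", run_checked("DEBUG=1"))
```

With the interpolated form the marker payload yields two output lines, the second produced by the injected command; that second line is the "extraneous output" a server-side `ls /etc` would generate, though whether it is relayed back to the client depends on how the receiving side captures and returns output, which this model does not settle. Quoting collapses the payload to a single argument, and the allow-list rejects it outright, which is the stronger fix because a -D value that is not a macro definition has no legitimate use.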