This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
- From: Florian Weimer <fweimer at redhat dot com>
- To: Carlos O'Donell <carlos at redhat dot com>, libc-alpha at sourceware dot org
- Date: Mon, 19 Jun 2017 22:29:00 +0200
- Subject: Re: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
- References: <20170619161325.D0219402AEC3E@oldenburg.str.redhat.com> <4aa061ff-34aa-e433-c367-7ea737a5ea5f@redhat.com>
On 06/19/2017 10:00 PM, Carlos O'Donell wrote:
> /* For SUID binaries, all glibc ports have limits, even though we want
> to avoid limits in the GNU operating system.
> For those operating systems that do not define such limits, we
> define them to an arbitrary but small value. The GNU/Hurd includes
> no such limits, but we define them for now as a security heuristic for
> SUID binaries. */
> #ifndef NAME_MAX
> #define NAME_MAX 4096
> #endif

We use 1024 for PATH_MAX in various places inside glibc already, so I'm
going to stick with that. NAME_MAX should be 255, I think. This is
what I'm going to check in:

/* Length limits for names and paths, to protect the dynamic linker,
   particularly when __libc_enable_secure is active. */
#ifdef NAME_MAX
# define SECURE_NAME_LIMIT NAME_MAX
#else
# define SECURE_NAME_LIMIT 255
#endif
#ifdef PATH_MAX
# define SECURE_PATH_LIMIT PATH_MAX
#else
# define SECURE_PATH_LIMIT 1024
#endif

Thanks,
Florian
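
An added illustration, not part of the message above and not glibc's code: one way limits like these can bound each element of an LD_PRELOAD-style list. The helper names are hypothetical; the space/colon separators and the rule that secure-execution mode ignores names containing a slash are assumptions taken from the ld.so manual page, not from this thread.

```c
#include <limits.h>
#include <string.h>

/* Limits as defined in the message above.  */
#ifdef NAME_MAX
# define SECURE_NAME_LIMIT NAME_MAX
#else
# define SECURE_NAME_LIMIT 255
#endif
#ifdef PATH_MAX
# define SECURE_PATH_LIMIT PATH_MAX
#else
# define SECURE_PATH_LIMIT 1024
#endif

/* Hypothetical helper (not a glibc function).  An element must fit,
   with its terminating NUL, in a SECURE_PATH_LIMIT-sized buffer.  In
   secure mode it must also be a bare file name (no '/') shorter than
   SECURE_NAME_LIMIT.  */
static int
element_ok (const char *p, size_t len, int secure)
{
  if (len >= (size_t) SECURE_PATH_LIMIT)
    return 0;
  if (secure)
    return len < (size_t) SECURE_NAME_LIMIT && memchr (p, '/', len) == NULL;
  return 1;
}

/* Hypothetical helper: walk a list whose elements are separated by
   spaces or colons, return the number of accepted elements and store
   the number of rejected ones in *rejected.  Empty elements are
   skipped without being counted.  */
size_t
count_accepted (const char *list, int secure, size_t *rejected)
{
  size_t accepted = 0;
  *rejected = 0;
  while (*list != '\0')
    {
      size_t len = strcspn (list, " :");   /* length of this element */
      if (len > 0 && element_ok (list, len, secure))
        ++accepted;
      else if (len > 0)
        ++*rejected;
      list += len + (list[len] != '\0');   /* step over the separator */
    }
  return accepted;
}
```

The length is checked before any copy is attempted, so an oversized element is dropped rather than truncated.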