This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements

From: Florian Weimer <fweimer at redhat dot com>
To: Andreas Schwab <schwab at suse dot de>
Cc: libc-alpha at sourceware dot org
Date: Mon, 26 Jun 2017 14:26:57 +0200
Subject: Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com E7A90C056861
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E7A90C056861
References: <20170619161345.7CC73402AEC3E@oldenburg.str.redhat.com> <mvmzicvp23k.fsf@suse.de> <54c5074e-8b7c-7b3b-e5b1-02ee18a7cabe@redhat.com> <mvmvanjozna.fsf@suse.de> <50beae35-82bd-ae09-064d-676fd26fc1c0@redhat.com> <mvmr2y7ozbe.fsf@suse.de> <6701f70e-f623-ef1a-1ef2-a4d47d7e11b0@redhat.com> <mvmh8z3ovuz.fsf@suse.de> <a9ad64ea-f91e-e494-92a0-35b706f5d107@redhat.com> <mvmd19rou5j.fsf@suse.de>

On 06/26/2017 01:39 PM, Andreas Schwab wrote:
> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
> 
>> On 06/26/2017 01:02 PM, Andreas Schwab wrote:
>>> On Jun 26 2017, Florian Weimer <fweimer@redhat.com> wrote:
>>>
>>>> +/* Process the audit modules in audit_list and audit_list_string.  */
>>>> +void
>>>> +handle_audit_modules (void)
>>>> +{
>>>> +  char fname[SECURE_PATH_LIMIT];
>>>> +  struct audit_ifaces *last_audit = NULL;
>>>> +
>>>> +  if (audit_list_string != NULL)
>>>
>>> Why do you need that?
>>
>> Which part?  The separate processing for LD_AUDIT and the --audit
>> command line arguments?

The goal is to prevent massaging the heap through LD_AUDIT variable
contents.  So it's purely hardening.

Thanks,
Florian

Follow-Ups:
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab

References:
- [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Florian Weimer
- Re: [PATCH] rtld: Reject overly long LD_AUDIT path elements
  - From: Andreas Schwab

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]