guix-devel/gnu/packages/patches/glibc-CVE-2017-1000366-pt1....

From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 17:09:55 +0200
Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
 programs [BZ #21624]

LD_LIBRARY_PATH can only be used to reorder system search paths, which
is not useful functionality.

This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.

patch from:
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
---
 ChangeLog  | 7 +++++++
 elf/rtld.c | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index 2446a87..2269dbe 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
 
 	case 12:
 	  /* The library search path.  */
-	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)
 	    {
 	      library_path = &envline[13];
 	      break;
-- 
2.9.3
gnu: glibc: Add mitigations for CVE-2017-1000366. * gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc-2.25-patched): New variable. (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)[source]: Add patches. [replacement]: New field. (glibc-locales)[replacement]: New field. * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. Modified-By: Mark H Weaver <mhw@netris.org> 2017-06-19 22:13:53 +02:00			`From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001`
			`From: Florian Weimer <fweimer@redhat.com>`
			`Date: Mon, 19 Jun 2017 17:09:55 +0200`
			`Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1`
			`programs [BZ #21624]`

			`LD_LIBRARY_PATH can only be used to reorder system search paths, which`
			`is not useful functionality.`

			`This makes an exploitable unbounded alloca in _dl_init_paths unreachable`
			`for AT_SECURE=1 programs.`

			`patch from:`
			`https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d`
			`---`
			`ChangeLog \| 7 +++++++`
			`elf/rtld.c \| 3 ++-`
			`2 files changed, 9 insertions(+), 1 deletion(-)`

			`diff --git a/elf/rtld.c b/elf/rtld.c`
			`index 2446a87..2269dbe 100644`
			`--- a/elf/rtld.c`
			`+++ b/elf/rtld.c`
			`@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)`

			`case 12:`
			`/* The library search path. */`
			`- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)`
			`+ if (!__libc_enable_secure`
			`+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)`
			`{`
			`library_path = &envline[13];`
			`break;`
			`--`
			`2.9.3`