On 2020-07-16 17:22, Kevin A. McGrail via clamav-users wrote:
> Hi, I have an old system I'm compiling.
> 
> I have 0.102.3 working on it.
> 
> Here's the config line:
> 
> ...
>   CCLD     clamscan
> actions.o: In function `traverse_to':
> ../shared/actions.c:328: undefined reference to `openat'
> actions.o: In function `traverse_unlink':
> ../shared/actions.c:568: undefined reference to `unlinkat'
> actions.o: In function `action_move':
> ../shared/actions.c:455: undefined reference to `renameat'

This is from the fix for CVE-2020-3350. The "at" system calls are
POSIX.1-2008 and are more or less necessary to handle links safely.
ClamAV have gone out of their way to provide a compatibility function on
Windows, though, so maybe you're not totally out of luck.

Micah: openat() only provides "one level of safety" in that when opening
/foo/bar/baz, it ensures that "baz" is where you think it is. You may
want to investigate whether or not an attacker can replace "bar" by a
symlink in that situation. Other programs address this same problem by
running openat() on /, /foo, /foo/bar, and then /foo/bar/baz all in
succession to ensure that everything is trustworthy (the root is assumed
to be sacred). See http://michael.orlitzky.com/cves/cve-2018-6954.xhtml.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
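
The component-by-component walk described in the reply above, as an added example that is not part of the original message or of ClamAV's code. `open_no_symlinks` and `demo` are hypothetical names, and the small tree under /tmp is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk an absolute path one component at a time, opening each relative to its
 * parent's fd with O_NOFOLLOW, so a symlink at ANY level fails. Returns fd or -1. */
int open_no_symlinks(const char *abs_path, int final_flags)
{
    char buf[PATH_MAX], *save = NULL;
    if (abs_path[0] != '/' || strlen(abs_path) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, abs_path);
    int dirfd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC); /* root is trusted */
    char *name = strtok_r(buf, "/", &save);
    while (dirfd >= 0 && name != NULL) {
        char *next = strtok_r(NULL, "/", &save);
        int flags = next ? (O_RDONLY | O_DIRECTORY) : final_flags;
        int fd = openat(dirfd, name, flags | O_NOFOLLOW | O_CLOEXEC);
        int saved = errno;
        close(dirfd); errno = saved;   /* drop the parent, keep openat's errno */
        dirfd = fd;                    /* -1 ends the loop with errno set */
        name = next;
    }
    return dirfd;
}

/* Constructed tree: <tmp>/real/baz is a file, <tmp>/link -> real. Result bits:
 * 1 = walk opens real/baz, 2 = plain open() follows link/baz, 4 = walk refuses it. */
int demo(void)
{
    char tmpl[] = "/tmp/openat-demo-XXXXXX", base[PATH_MAX], a[PATH_MAX + 16], b[PATH_MAX + 16];
    if (!mkdtemp(tmpl) || !realpath(tmpl, base)) return -1;
    snprintf(a, sizeof a, "%s/real", base);
    snprintf(b, sizeof b, "%s/link", base);
    if (mkdir(a, 0700) != 0 || symlink("real", b) != 0) return -1;
    snprintf(a, sizeof a, "%s/real/baz", base);
    snprintf(b, sizeof b, "%s/link/baz", base);
    int bits = 0, fd = open(a, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0) return -1;
    if ((fd = open_no_symlinks(a, O_RDONLY)) >= 0) { bits |= 1; close(fd); }
    if ((fd = open(b, O_RDONLY)) >= 0)             { bits |= 2; close(fd); }
    if ((fd = open_no_symlinks(b, O_RDONLY)) < 0)  bits |= 4; else close(fd);
    return bits;
}
```

On Linux 5.6 and later, `openat2()` with `RESOLVE_NO_SYMLINKS` gives the same guarantee in a single call.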

