Bug#1053470: ld.so: ignore tunables in secure mode
Hi, On 2023-10-05 09:33, Michael Hudson-Doyle wrote: > I think that is the sort of conclusion upstream is coming to in > https://inbox.sourceware.org/libc-alpha/20231003201151.1406279-1-siddh...@sourceware.org/T/#e9123bc53d892ab6552e05109ce939d531d741092 > too. In any case, the upstream bug tracker / mailing list is probably the > place to start with this. I fully agree with that. Let's try to not have a different behavior for each distribution by getting this done upstream. If it doesn't work we could look at doing that at the distribution level. Regards Aurelien > On Thu, 5 Oct 2023 at 07:00, Christian Göttsche > wrote: > > > Package: glibc > > Version: 2.37-12 > > > > In the light of the recent privilege escalation vulnerability I'd like > > to suggest disabling the support for tunables in secure mode (most > > notably for setuid-binaries). > > This would mitigate future regressions in the handling of the > > environment variable and possible vulnerabilities caused by the > > interaction of particular options with security relevant applications. > > > > The support could either be disabled at compile time[1] or at runtime > > via a file existence check (either by reusing `/etc/suid-debug` or a > > new one like `/etc/suid-tunables`). > > > > > > [1]: > > https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9 > > > > -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
Bug#1053470: ld.so: ignore tunables in secure mode
I think that is the sort of conclusion upstream is coming to in https://inbox.sourceware.org/libc-alpha/20231003201151.1406279-1-siddh...@sourceware.org/T/#e9123bc53d892ab6552e05109ce939d531d741092 too. In any case, the upstream bug tracker / mailing list is probably the place to start with this. On Thu, 5 Oct 2023 at 07:00, Christian Göttsche wrote: > Package: glibc > Version: 2.37-12 > > In the light of the recent privilege escalation vulnerability I'd like > to suggest disabling the support for tunables in secure mode (most > notably for setuid-binaries). > This would mitigate future regressions in the handling of the > environment variable and possible vulnerabilities caused by the > interaction of particular options with security relevant applications. > > The support could either be disabled at compile time[1] or at runtime > via a file existence check (either by reusing `/etc/suid-debug` or a > new one like `/etc/suid-tunables`). > > > [1]: > https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9 > >
Bug#1053470: ld.so: ignore tunables in secure mode
Package: glibc Version: 2.37-12 In the light of the recent privilege escalation vulnerability I'd like to suggest disabling the support for tunables in secure mode (most notably for setuid-binaries). This would mitigate future regressions in the handling of the environment variable and possible vulnerabilities caused by the interaction of particular options with security relevant applications. The support could either be disabled at compile time[1] or at runtime via a file existence check (either by reusing `/etc/suid-debug` or a new one like `/etc/suid-tunables`). [1]: https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9