Uploaded to -proposed... ** Description changed:
+ IMPACT: stack protections are weakened due to strcpy function being able to write the stack guard (since it does not start with a zero byte). + ADDRESSED: correctly implement leading zero, as done in Karmic. + DISCUSSION: regression potential is low, since the patch is isolated and well tested. + + TEST CASE: $ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master qa-regression-testing $ cd qa-regression-testing/scripts $ ./test-glibc-security.py -v Build helper tools ... (9.10) ok glibc heap protection ... ok sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok glibc pointer obfuscation ... ok Password hashes ... (sha512) ok Stack guard exists ... ok Stack guard leads with zero byte ... FAIL Stack guard is randomized ... ok ====================================================================== FAIL: Stack guard leads with zero byte ---------------------------------------------------------------------- Traceback (most recent call last): File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero - self.assertEqual(one.endswith('00\n'), expected, one) - AssertionError: 0x6f33dd6a30051c1 - + self.assertEqual(one.startswith('00 '), expected, one) + AssertionError: 62 55 59 69 cd 20 39 80 ---------------------------------------------------------------------- Ran 8 tests in 0.145s FAILED (failures=1) + expected outcome: 0 failures. 
+ ProblemType: Bug Architecture: amd64 Date: Thu Aug 13 13:59:02 2009 Dependencies: - findutils 4.4.2-1 - gcc-4.4-base 4.4.1-1ubuntu3 - libc6 2.10.1-0ubuntu6 - libgcc1 1:4.4.1-1ubuntu3 + findutils 4.4.2-1 + gcc-4.4-base 4.4.1-1ubuntu3 + libc6 2.10.1-0ubuntu6 + libgcc1 1:4.4.1-1ubuntu3 DistroRelease: Ubuntu 9.10 Package: libc6 2.10.1-0ubuntu6 ProcEnviron: - LANGUAGE=en_US.UTF-8 - PATH=(custom, user) - LANG=en_US.UTF-8 - SHELL=/bin/bash + LANGUAGE=en_US.UTF-8 + PATH=(custom, user) + LANG=en_US.UTF-8 + SHELL=/bin/bash ProcVersionSignature: Ubuntu 2.6.31-5.24-generic SourcePackage: eglibc Uname: Linux 2.6.31-5-generic x86_64

** Attachment added: "glibc_2.9-4ubuntu6.1.debdiff"
http://launchpadlibrarian.net/30804998/glibc_2.9-4ubuntu6.1.debdiff

--
stack protector guard value does not lead with a NULL byte
https://bugs.launchpad.net/bugs/413278
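
Review bot: The TEST CASE output in the new description was captured on 9.10 (`Build helper tools ... (9.10) ok`, with the Dependencies block listing libc6 2.10.1-0ubuntu6), while ADDRESSED says the leading zero is already implemented in Karmic and the attached debdiff is glibc_2.9-4ubuntu6.1. State which release the failing run came from, or replace it with a run on the release the debdiff targets, so whoever verifies the -proposed upload knows what the pre-update `Stack guard leads with zero byte ... FAIL` should look like there. The traceback line also changed from `one.endswith('00\n')` on a hex integer to `one.startswith('00 ')` on a space-separated byte dump, so it is worth one sentence saying the verifier needs the current qa-regression-testing branch for the output to match.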