Thanks Roberto. :-) Will you disclose the exploit to check my own server?
Does the patch applies cleanly to 2.0.15 ? Is this is a python 3 bug ? Best regards, Etienne Le 2018-02-06 à 12:22, Roberto De Ioris a écrit :
Hi everyone, the following patch (available for both 2.0 and 2.1) fixes a potential security vulnerability reported yesterday: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe Any modern system should not be vulnerable thanks to out-of-the-box protections like stack canary and friends. (basically if you pass a path bigger than PATH_MAX, uWSGI will crash or will trigger a stack corruption exception) Albeit using it for some kind of useful attack seems very improbable, the new approach is way more robust than the previous one as it checks for the path size before calling realpath() too.
-- Etienne Robillard tkad...@yandex.com https://www.isotopesoftware.ca/ _______________________________________________ uWSGI mailing list uWSGI@lists.unbit.it http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi