> Thanks Roberto. :-)
>
> Will you disclose the exploit to check my own server?

Hi, just run

uwsgi --ini path

with a path bigger than 1024 bytes.

You should get a crash.

No, it is a uWSGI bug; it happens way before the Python VM is started.



>
> Does the patch apply cleanly to 2.0.15?
>
> Is this a Python 3 bug?
>
> Best regards,
>
>
>
> Etienne
>
>
> On 2018-02-06 at 12:22, Roberto De Ioris wrote:
>> Hi everyone, the following patch (available for both 2.0 and 2.1) fixes
>> a potential security vulnerability reported yesterday:
>>
>> https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
>>
>> Any modern system should not be vulnerable thanks to out-of-the-box
>> protections like stack canary and friends. (Basically, if you pass a path
>> bigger than PATH_MAX, uWSGI will crash or will trigger a stack
>> corruption exception.)
>>
>> Albeit using it for some kind of useful attack seems very improbable,
>> the new approach is way more robust than the previous one as it checks
>> for the path size before calling realpath() too.
>>
>>
>
> --
> Etienne Robillard
> tkad...@yandex.com
> https://www.isotopesoftware.ca/
>
>


-- 
Roberto De Ioris
http://unbit.com
_______________________________________________
uWSGI mailing list
uWSGI@lists.unbit.it
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
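The pattern Roberto describes in the quoted message (reject an oversized path before it ever reaches realpath() or a fixed PATH_MAX buffer) is illustrated below as an added example. This is not uWSGI's code and not the contents of the linked commit; the function names, the helper that builds a constructed oversized path, and the choice of ENAMETOOLONG as the error are assumptions made for the example.

```c
/* Added example: bounding a path before realpath() and a fixed PATH_MAX buffer.
 * Not uWSGI's code; names and the error convention are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* The unchecked pattern: a fixed PATH_MAX buffer filled straight from the
 * argument. A path of PATH_MAX bytes or more writes past `tmp` on the stack,
 * which is what a stack canary turns into the crash described in the thread.
 * Shown for contrast only; nothing below calls it. */
void resolve_unchecked(const char *path, char *out) {
    char tmp[PATH_MAX];
    strcpy(tmp, path);                 /* no length check */
    if (realpath(tmp, out) == NULL) out[0] = '\0';
}

/* Hardened version. Returns 0 on success with the canonical path in `out`
 * (capacity out_len), or -1 with errno set. The size check runs BEFORE
 * realpath(), so no fixed-size buffer is ever handed a string it cannot hold. */
int resolve_config_path(const char *path, char *out, size_t out_len) {
    char resolved[PATH_MAX];
    size_t n;

    if (path == NULL || out == NULL || out_len == 0) {
        errno = EINVAL;
        return -1;
    }
    /* strnlen bounds the scan itself: an oversized string is not walked to its end. */
    n = strnlen(path, PATH_MAX);
    if (n == 0 || n >= PATH_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* realpath() writes at most PATH_MAX bytes into `resolved`, which is exactly its size. */
    if (realpath(path, resolved) == NULL)
        return -1;                     /* errno set by realpath(), e.g. ENOENT */
    n = strlen(resolved);
    if (n >= out_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, resolved, n + 1);
    return 0;
}

/* Demonstration helper: builds a constructed path of `len` bytes ("/" followed
 * by 'a's) and returns 1 if resolve_config_path() rejected it as too long,
 * 0 otherwise, -1 on allocation failure. */
int rejects_oversized_path(size_t len) {
    char out[PATH_MAX];
    char *p = malloc(len + 1);
    int rc;

    if (p == NULL || len == 0) {
        free(p);
        return -1;
    }
    memset(p, 'a', len);
    p[0] = '/';
    p[len] = '\0';
    errno = 0;
    rc = resolve_config_path(p, out, sizeof out);
    free(p);
    return (rc == -1 && errno == ENAMETOOLONG) ? 1 : 0;
}

int main(void) {
    char out[PATH_MAX];

    printf("PATH_MAX on this system: %d\n", PATH_MAX);
    printf("path of %d bytes rejected before realpath(): %s\n",
           PATH_MAX + 1000, rejects_oversized_path(PATH_MAX + 1000) ? "yes" : "no");
    if (resolve_config_path("/", out, sizeof out) == 0)
        printf("\"/\" resolves to %s\n", out);
    return 0;
}
```

The important ordering is that strnlen() runs before realpath(): the check costs nothing, and it means the only strings that reach a PATH_MAX-sized stack buffer are ones already known to fit. Checking only the output of realpath() would be too late, because the overflow happens on the way in.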