Bugtraq mailing list archives

A new approach to the glibc bugs
From: Lionel Cons <Lionel.Cons () CERN CH>
Date: Mon, 11 Sep 2000 09:52:32 -0700

The two hot bugs in glibc (unsetenv and locale) have been discussed in
great detail in this forum but I would like to describe now CERN's
approach to this problem.

We wrote a kernel module (named envcheck) which intercepts the execve
system call and sanitises the environment. At the cost of a marginal
performance penalty, it has the following advantages over the glibc
upgrade:
 * it can log who is trying to exploit these glibc bugs
 * it works with statically linked binaries
 * it is transparent to applications that may be sensitive to a change
   of glibc (the first upgrade from Red Hat, quoting their advisory,
   "introduced some threading problems visible with JDK and Mozilla")
 * it may partially protect libc5
 * it could be used as a base to check further things before processes
   start: argument lengths, non-printable characters in the environment...

Don't get me wrong, the real fix is to use the new glibc and to get
rid of the printf format bugs but our module can nicely be used in the
meantime...

For more information, see
        http://home.cern.ch/cons/security/

________________________________________________________
Lionel Cons        http://home.cern.ch/~cons
CERN               http://www.cern.ch

I disapprove of what you say, but I will defend to the death your right to
say it.
        - Voltaire
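Added here as a user-space illustration of the checks the post lists (dropping tainted locale variables, non-printable bytes and over-long entries, with a log line per removal); this is not CERN's envcheck code, which hooks execve in the kernel, and the locale-variable list and drop rules are assumptions.

```c
/* Model of an execve-time environment sanitiser (added example, not the
 * envcheck module). It walks an envp-style array, drops entries that match
 * the assumed rules below and logs each drop to stderr, standing in for the
 * kernel log that the real module writes "who is trying" records to. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Variables the glibc locale code reads (assumed list); a '%' in their
 * value is the signature of the locale format-string bug. */
static const char *locale_vars[] = {
    "LANG", "LANGUAGE", "LC_ALL", "LC_MESSAGES", "LC_CTYPE", NULL
};

static int is_locale_var(const char *entry) {
    for (int i = 0; locale_vars[i]; i++) {
        size_t n = strlen(locale_vars[i]);
        if (strncmp(entry, locale_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Nonzero if a "NAME=value" entry should be dropped: longer than max_len,
 * containing a non-printable byte, or a locale variable holding a '%'. */
int env_entry_suspicious(const char *entry, size_t max_len) {
    if (strlen(entry) > max_len) return 1;
    for (const unsigned char *p = (const unsigned char *)entry; *p; p++)
        if (!isprint(*p)) return 1;
    if (is_locale_var(entry) && strchr(entry, '%')) return 1;
    return 0;
}

/* Compact envp in place, removing suspicious entries; "who" identifies the
 * caller in the log line. Returns the number of entries removed. */
int sanitise_env(char **envp, size_t max_len, const char *who) {
    int removed = 0, out = 0;
    for (int in = 0; envp[in]; in++) {
        if (env_entry_suspicious(envp[in], max_len)) {
            fprintf(stderr, "envcheck: %s: dropped %.32s\n", who, envp[in]);
            removed++;
        } else {
            envp[out++] = envp[in];   /* keep, shifting down over the gaps */
        }
    }
    envp[out] = NULL;
    return removed;
}
```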
