Bug 1151568
Summary: | libffi: should open NX bypass descriptor with O_CLOEXEC | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomasz Konefal <twkonefal> | |
Component: | libffi | Assignee: | Andrew Haley <aph> | |
Status: | CLOSED ERRATA | QA Contact: | Michael Petlan <mpetlan> | |
Severity: | low | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.0 | CC: | dbhole, fweimer, iptables-maint-list, lvrabec, mcermak, mgrepl, mnewsome, mpetlan, pvrabec, twoerner | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | libffi-3.0.13-18.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1971380 (view as bug list) | Environment: | ||
Last Closed: | 2016-11-04 05:04:33 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1297579, 1313485 |
Description
Tomasz Konefal
2014-10-10 17:30:05 UTC
This is a leak coming for firewalld. >>> base64.b16decode("2F6465762F73686D2F66666975614B66677A202864656C6574656429") '/dev/shm/ffiuaKfgz (deleted)' This is likely the NX bypass from libffi. firewalld probably uses libffi-generated proxies for girepository access. For background on the NX bypass with page aliasing, see <http://www.akkadia.org/drepper/selinux-mem.html> (last section). This is a libffi bug: /* Open a temporary file name, and immediately unlink it. */ static int open_temp_exec_file_name (char *name) { int fd = mkstemp (name); if (fd != -1) unlink (name); return fd; } It should use mkostemp with O_CLOEXEC. Already fixed upstream: https://github.com/atgreen/libffi/commit/8daeed9570af72eb135c8ded460d2888f05b2e68 Already fixed upstream. Acking. Reproduced with libffi-3.0.13-16.el7 and passed with libffi-3.0.13-18.el7. VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2385.html |