Bug 1372306 - glibc: Implement libio vtable verification [rhel-7.4]
Summary: glibc: Implement libio vtable verification [rhel-7.4]
Keywords:
Status: CLOSED DUPLICATE of bug 1398413
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glibc
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: glibc team
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On: 1372305
Blocks: 1372375
TreeView+ depends on / blocked
 
Reported: 2016-09-01 11:35 UTC by Florian Weimer
Modified: 2018-04-03 12:02 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-03 12:02:57 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Sourceware 20191 0 None None None 2019-06-26 14:03:54 UTC

Description Florian Weimer 2016-09-01 11:35:15 UTC 
We should backport this commit, potentially in a slightly modified verification so that it can be turned of by a file /etc (for increased backwards compatibility):

commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51
Author: Florian Weimer <fweimer>
Date:   Thu Jun 23 20:01:40 2016 +0200

    libio: Implement vtable verification [BZ #20191]

This blocks a publicly documented exploitation techniques which achieves arbitrary code execution through function pointers used by libio to implemented stdio streams.
Comment 1 Carlos O'Donell 2016-11-30 17:11:32 UTC 
Security work in rhel-7 is very important and we will be enabling this in rhel-7.4.
Comment 2 Carlos O'Donell 2017-01-13 18:11:49 UTC 
CVE work took precedence over this in our review of rhel-7.4 work. Thus this bug did not make the cut for rhel-7.4. We will review this again as the rhel-7.4 development process progresses and evaluate if we have capacity to complete this work.
Comment 3 Carlos O'Donell 2017-07-20 07:03:34 UTC 
Given scheduling and capacity I'm moving this to rhel-7.6. We will get other security enhancements in place for rhel-7.5. Or we will come back to this if we have time.
Comment 4 Florian Weimer 2018-04-03 12:02:57 UTC 

*** This bug has been marked as a duplicate of bug 1398413 ***
Note You need to log in before you can comment on or make changes to this bug.