Description of problem:
Stack based buffer overflow occurs when gnome-system-monitor is launched while a process that has a file with a too long filename mapped in its address space (visible via /proc/$PID/maps) is running, and could potentially lead to arbitrary code execution (mitigated by SSP).

Version-Release number of selected component (if applicable):
At least FC6 and RHEL5 libgtop2.

How reproducible:
Always.

Steps to Reproduce:
# Create a file with a too long pathname. Some filesystems limit filenames
# to 255 characters, so use a deep directory hierarchy instead
export dir=$(perl -e " print 's/'x1000;")
mkdir -p $dir
# Copy a binary image that will get mapped upon execution there and run it.
# Sleep will harmlessly run for some time...
cp /bin/sleep $dir
$dir/sleep 100 &
# Run system monitor while the program is running
gnome-system-monitor

Actual results:
*** stack smashing detected ***: gnome-system-monitor terminated

Expected results:
Gnome-system-monitor should help us on our way to salvation, eternal and everlasting love and peace.

Additional info:
Patch from upstream is available, see the upstream BTS:
http://bugzilla.gnome.org/show_bug.cgi?id=396477
http://bugzilla.gnome.org/attachment.cgi?id=80254&action=view
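The bug class behind this report, as an added example that is not libgtop's code, gnome-system-monitor's code, or the upstream patch: a /proc/PID/maps parser that scans the pathname field with an unbounded "%s" into a fixed stack buffer, beside a version that sizes the pathname copy from the input. The 256-byte buffer, the helper names (copy_bytes, make_deep_path, make_maps_line, free_map_entry) and the addresses and inode in the constructed maps line are assumptions for illustration; the pathname is built the same way as the reporter's perl one-liner ("s/" repeated 1000 times, then the sleep binary).

```c
/* Added example (not libgtop's or gnome-system-monitor's code): the
 * /proc/PID/maps pathname field has no length limit, so a parser must size
 * its destination from the input instead of using a fixed stack buffer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAPS_PATH_MAX 256   /* hypothetical fixed buffer size for the unsafe pattern */

typedef struct {
    unsigned long start, end, offset, inode;
    unsigned int dev_major, dev_minor;
    char perms[5];          /* "r-xp" plus NUL */
    char *filename;         /* heap copy of the pathname, NULL for anonymous mappings */
} map_entry_t;

/* Copy len bytes of s into a fresh NUL-terminated heap buffer (assumed helper). */
static char *copy_bytes(const char *s, size_t len)
{
    char *out = malloc(len + 1);
    if (!out) return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Unsafe pattern behind the report: an unbounded "%s" into a fixed-size stack
 * buffer. A pathname of MAPS_PATH_MAX bytes or more overruns `filename`; with
 * SSP that is the "stack smashing detected" abort, without it, control of the
 * return address. Shown for contrast only; never call it on untrusted input.
 * It also cuts pathnames containing spaces ("... (deleted)") at the first space. */
int parse_maps_line_unsafe(const char *line, map_entry_t *out)
{
    char filename[MAPS_PATH_MAX];
    memset(out, 0, sizeof *out);
    int n = sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %s",
                   &out->start, &out->end, out->perms, &out->offset,
                   &out->dev_major, &out->dev_minor, &out->inode, filename);
    if (n < 7) return -1;
    out->filename = (n == 8) ? copy_bytes(filename, strlen(filename)) : NULL;
    return 0;
}

/* Hardened parser: the fixed fields go through width-limited conversions, %n
 * records where they end, and the pathname is whatever follows (up to the
 * newline, spaces included) copied into a buffer sized from its actual length. */
int parse_maps_line(const char *line, map_entry_t *out)
{
    int consumed = 0;
    memset(out, 0, sizeof *out);
    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n",
               &out->start, &out->end, out->perms, &out->offset,
               &out->dev_major, &out->dev_minor, &out->inode, &consumed) != 7)
        return -1;
    const char *p = line + consumed;
    while (*p == ' ' || *p == '\t') p++;
    size_t len = strcspn(p, "\n");
    if (len == 0) return 0;                 /* anonymous mapping, no pathname */
    out->filename = copy_bytes(p, len);
    return out->filename ? 0 : -1;
}

void free_map_entry(map_entry_t *e)
{
    free(e->filename);
    e->filename = NULL;
}

/* Build the reporter's pathname: "s/" repeated n times followed by "sleep". */
char *make_deep_path(size_t n)
{
    char *path = malloc(2 * n + sizeof "sleep");
    if (!path) return NULL;
    for (size_t i = 0; i < n; i++) { path[2 * i] = 's'; path[2 * i + 1] = '/'; }
    strcpy(path + 2 * n, "sleep");
    return path;
}

/* Constructed maps line for a mapping of `path` (addresses and inode made up). */
char *make_maps_line(const char *path)
{
    const char *fmt = "00400000-0040b000 r-xp 00000000 08:01 1234567          %s\n";
    int need = snprintf(NULL, 0, fmt, path);
    char *line = malloc((size_t)need + 1);
    if (line) snprintf(line, (size_t)need + 1, fmt, path);
    return line;
}

int main(void)
{
    char *path = make_deep_path(1000);              /* 2005-byte pathname */
    char *line = make_maps_line(path);
    map_entry_t e;
    if (line && parse_maps_line(line, &e) == 0)
        printf("mapped file of %zu bytes parsed safely, inode %lu\n",
               strlen(e.filename), e.inode);
    /* parse_maps_line_unsafe(line, &e) would overrun its 256-byte buffer here. */
    free_map_entry(&e);
    free(line);
    free(path);
    return 0;
}
```

When reading the real file, the same rule applies one level up: a whole maps line can exceed any fixed fgets buffer, so read it with getline(3) or grow the buffer yourself before handing the line to the parser.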
Created attachment 145571: Patch for Gnome bug #396477, libgtop buffer overflow
This flaw also affects FC5
Sandmann: Please push the updated package into FC6.