Author: adconrad Date: 2014-02-24 01:37:13 +0000 (Mon, 24 Feb 2014) New Revision: 5964
Added: glibc-package/trunk/debian/patches/any/local-no-malloc-backtrace.diff Modified: glibc-package/trunk/debian/changelog glibc-package/trunk/debian/patches/series Log: debian/patches/any/local-no-malloc-backtrace.diff: Lower the default for MALLOC_CHECK_ to 1, and add it to the list of insecure variables that can't be set for suid binaries. This allows us to not backtrace malloc failures by default (Closes: #739913, LP: #1266492) and skips backtrace for suid binaries where an attacker calling into a corrupt malloc internal data structure with malloc could lead to Bad Things. Modified: glibc-package/trunk/debian/changelog =================================================================== --- glibc-package/trunk/debian/changelog 2014-02-23 13:48:13 UTC (rev 5963) +++ glibc-package/trunk/debian/changelog 2014-02-24 01:37:13 UTC (rev 5964) @@ -2,7 +2,12 @@ !!! PLEASE MOVE ALL MAJOR DEVELOPMENT TO THE 2.19 BRANCH OR UPSTREAM !!! - * + * debian/patches/any/local-no-malloc-backtrace.diff: Lower the default + for MALLOC_CHECK_ to 1, and add it to the list of insecure variables + that can't be set for suid binaries. This allows us to not backtrace + malloc failures by default (Closes: #739913, LP: #1266492) and skips + backtrace for suid binaries where an attacker calling into a corrupt + malloc internal data structure with malloc could lead to Bad Things. -- Aurelien Jarno <[email protected]> Sun, 23 Feb 2014 14:47:58 +0100 Added: glibc-package/trunk/debian/patches/any/local-no-malloc-backtrace.diff =================================================================== --- glibc-package/trunk/debian/patches/any/local-no-malloc-backtrace.diff (rev 0) +++ glibc-package/trunk/debian/patches/any/local-no-malloc-backtrace.diff 2014-02-24 01:37:13 UTC (rev 5964) 
@@ -0,0 +1,50 @@ +Description: disable backtraces on malloc errors +Author: Steve Beattie <[email protected]> +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16159 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1266492 +Forwarded: no, needs testing first + +Disable backtrace's by default when malloc internal errors have +occurred; backtraces end up calling malloc themselves which causes a +deadlock on the internal glibc malloc lock. It's also a bad idea to use +malloc if an attacker has corrupted malloc's internal data structures. + +MALLOC_CHECK_ is also added to the list of environment variables to +filter for setuid binaries. + +For debugging purposes, people can manually add MALLOC_CHECK_=3 to their +environment to get the backtracing behavior back. +--- + malloc/malloc.c | 5 ++++- + sysdeps/generic/unsecvars.h | 1 + + 2 files changed, 5 insertions(+), 1 deletion(-) + +Index: b/malloc/malloc.c +=================================================================== +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -1863,8 +1863,11 @@ void weak_variable (*__after_morecore_ho + + /* ---------------- Error behavior ------------------------------------ */ + ++ ++/* we don't want to emit a backtrace on error, see ++ https://sourceware.org/bugzilla/show_bug.cgi?id=16159, so set to 1 */ + #ifndef DEFAULT_CHECK_ACTION +-#define DEFAULT_CHECK_ACTION 3 ++#define DEFAULT_CHECK_ACTION 1 + #endif + + static int check_action = DEFAULT_CHECK_ACTION; +Index: b/sysdeps/generic/unsecvars.h +=================================================================== +--- a/sysdeps/generic/unsecvars.h ++++ b/sysdeps/generic/unsecvars.h +@@ -17,6 +17,7 @@ + "LD_USE_LOAD_BIAS\0" \ + "LOCALDOMAIN\0" \ + "LOCPATH\0" \ ++ "MALLOC_CHECK_\0" \ + "MALLOC_TRACE\0" \ + "NIS_PATH\0" \ + "NLSPATH\0" \ Modified: glibc-package/trunk/debian/patches/series =================================================================== --- glibc-package/trunk/debian/patches/series 2014-02-23 13:48:13 UTC (rev 5963) 
+++ glibc-package/trunk/debian/patches/series 2014-02-24 01:37:13 UTC (rev 5964) @@ -266,3 +266,4 @@ any/cvs-vfscanf-0e+0.diff any/cvs-ptrace_peeksiginfo_args.diff any/local-ldconfig-ignore-ld.so.diff +any/local-no-malloc-backtrace.diff
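Review bot: In the debian/changelog hunk, the added entry says the default for MALLOC_CHECK_ is lowered to 1 but never says what a value of 1 does compared with 3, and the closing clause ("an attacker calling into a corrupt malloc internal data structure with malloc") is hard to parse. Suggest stating the resulting behaviour on a detected malloc error in one sentence and reusing the patch Description's wording for the rationale ("It's also a bad idea to use malloc if an attacker has corrupted malloc's internal data structures").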
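Review bot: In the malloc/malloc.c region of the added patch, changing DEFAULT_CHECK_ACTION from 3 to 1 clears the 2 bit as well as dropping the backtrace, and per the M_CHECK_ACTION description in mallopt(3) that bit is the one that makes the process abort after the error is reported, so with a default of 1 a detected corruption is reported and execution continues. The new comment and the Description only mention the backtrace; if carrying on after detected heap corruption is not intended, the backtrace should be suppressed on the reporting path while the abort is kept, and in either case the comment above the #define should say what the value 1 does. The header carries "Forwarded: no, needs testing first", so a line on what was tested (a double free in a non-setuid program, for instance) would help the next reader.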
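Review bot: In the sysdeps/generic/unsecvars.h region of the added patch, adding "MALLOC_CHECK_\0" to the list means the variable is filtered for setuid binaries, so the Description's advice that people "can manually add MALLOC_CHECK_=3 to their environment" does not apply to them. Suggest saying so in the Description, and noting that setuid programs therefore always run with the new compiled-in default, which makes the choice of DEFAULT_CHECK_ACTION in the malloc.c change the only setting that matters for them.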

