Re: [uWSGI] [SECURITY] patch for potential stack bypassing

2018-02-06 Thread Roberto De Ioris
> Thanks Roberto. :-)
>
> Will you disclose the exploit to check my own server?

Hi, just run uwsgi --ini path with path bigger than 1024 bytes. You should get a crash.

No, it is a uWSGI bug, it happens way before the Python VM is started.

> Does the patch apply cleanly to 2.0.15?

Re: [uWSGI] [SECURITY] patch for potential stack bypassing

2018-02-06 Thread Etienne Robillard
Thanks Roberto. :-)

Will you disclose the exploit to check my own server?

Does the patch apply cleanly to 2.0.15?

Is this a Python 3 bug?

Best regards,
Etienne

On 2018-02-06 at 12:22, Roberto De Ioris wrote:
> Hi everyone, the following patch (available for both 2.0 and 2.1)

[uWSGI] [SECURITY] patch for potential stack bypassing

2018-02-06 Thread Roberto De Ioris
Hi everyone,

the following patch (available for both 2.0 and 2.1) fixes a potential security vulnerability reported yesterday:

https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe

Any modern system should not be vulnerable thanks to out-of-the-box protections like stack