On 04/ 3/17 05:52 AM, Benjamin Tissoires wrote:
This allows to fix CVE-2017-2625 on Linux platforms without pulling in
libbsd.
The syscall getrandom is available since kernel v3.17. The code first
tries to use the syscall on a supported kernel. If the syscall fails,
it falls back to the current (vulnerable) code.
We do not implement the glibc getrandom() call given that it's only
available in glibc 2.25, and the #if dance is already messy here.
Signed-off-by: Benjamin Tissoires <[email protected]>
This is dangerous - Solaris <sys/syscall.h> defines SYS_getrandom, but
I don't know if our syscall arguments/semantics are the same, and we
only support applications calling the libc getrandom() function, not the
raw syscall.
diff --git a/configure.ac b/configure.ac
index 2288502..d0d4d05 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,6 +63,9 @@ case $host_os in
;;
esac
+# Checks for syscalls
+AC_CHECK_DECLS([SYS_getrandom], [], [], [[#include <sys/syscall.h>]])
+
# Checks for library functions.
AC_CHECK_LIB([bsd], [arc4random_buf])
AC_CHECK_FUNCS([srand48 lrand48 arc4random_buf])
Could you move that check up into the case $host_os section above it
under a new case for *linux* perhaps?
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
