On 04/ 3/17 08:52 AM, Benjamin Tissoires wrote:
On Mon, Apr 3, 2017 at 4:02 PM, Alan Coopersmith
<[email protected]> wrote:
On 04/ 3/17 05:52 AM, Benjamin Tissoires wrote:
This allows to fix CVE-2017-2625 on Linux platforms without pulling in
libbsd.
The syscall getrandom is available since kernel v3.17. The code first
tries to use the syscall on a supported kernel. If the syscall fails,
it falls back to the current (vulnerable) code.
We do not implement the glibc getrandom() call given that it's only
available in glibc 2.25, and the #if dance is already messy here.
Signed-off-by: Benjamin Tissoires <[email protected]>
This is dangerous - Solaris <sys/syscall.h> defines SYS_getrandom, but
I don't know if our syscall arguments/semantics are the same, and we
only support applications calling the libc getrandom() function, not the
raw syscall.
I see. In that case, would it help to use unconditionally the libc
getrandom() function, and in case it's not there, provide a stub for
it through the syscall or other emulation layer?
This is a question that only makes sense on Linux - as far as I know
every other platform always has matching libc & kernels, so won't have
the syscall without the libc support.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
