From: "Ryan Hill (dirtyepic)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, dirtyepic@gentoo.org
Subject: [gentoo-commits] gentoo commit in src/patchsets/gcc/4.4.4/gentoo: 20_all_mudflap-setuid-env.patch README.history
X-VCS-Repository: gentoo
X-VCS-Files: 20_all_mudflap-setuid-env.patch README.history
X-VCS-Directories: src/patchsets/gcc/4.4.4/gentoo
X-VCS-Committer: dirtyepic
X-VCS-Committer-Name: Ryan Hill
Message-Id: <20100911040631.1DA1220051@flycatcher.gentoo.org>
Date: Sat, 11 Sep 2010 04:06:31 +0000 (UTC)
List-Id: Gentoo Linux mail

dirtyepic    10/09/11 04:06:31

  Modified:             README.history
  Added:                20_all_mudflap-setuid-env.patch
  Log:
  Fix mudflap setuid issue (bug #335290).

Revision  Changes    Path
1.10                 src/patchsets/gcc/4.4.4/gentoo/README.history

file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/4.4.4/gentoo/README.history?rev=1.10&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/4.4.4/gentoo/README.history?rev=1.10&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/4.4.4/gentoo/README.history?r1=1.9&r2=1.10

Index: README.history
===================================================================
RCS file: /var/cvsroot/gentoo/src/patchsets/gcc/4.4.4/gentoo/README.history,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- README.history	11 Sep 2010 03:46:02 -0000	1.9
+++ README.history	11 Sep 2010 04:06:31 -0000	1.10
@@ -1,3 +1,4 @@ + + 20_all_mudflap-setuid-env.patch + 50_all_pr45312-kernel-miscompile.patch + 62_all_ia64-pr41551.patch + 96_all_arm-pr43440.patch 1.1 src/patchsets/gcc/4.4.4/gentoo/20_all_mudflap-setuid= -env.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/4.4.= 4/gentoo/20_all_mudflap-setuid-env.patch?rev=3D1.1&view=3Dmarkup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/gcc/4.4.= 4/gentoo/20_all_mudflap-setuid-env.patch?rev=3D1.1&content-type=3Dtext/pl= ain Index: 20_all_mudflap-setuid-env.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D mudflap accepts options via $MUDFLAP_OPTIONS even when running setuid. -viol-gdb option invokes programs upon error detection which is bad. Note that NULL ptr derefs which are unexploitable in userspace programs, then become exploitable. http://gcc.gnu.org/PR41433 https://bugs.gentoo.org/335290 --- a/libmudflap/mf-runtime.c +++ b/libmudflap/mf-runtime.c @@ -303,6 +303,14 @@ __mf_set_default_options () #ifdef LIBMUDFLAPTH __mf_opts.thread_stack =3D 0; #endif + + /* PR41443: Beware that the above flags will be applied to + setuid/setgid binaries, and cannot be overriden with + $MUDFLAP_OPTIONS. So the defaults must be non-exploitable.=20 + + Should we consider making the default violation_mode something + harsher than viol_nop? OTOH, glibc's MALLOC_CHECK_ is disabled + by default for these same programs. */ } =20 static struct mudoption @@ -442,7 +450,7 @@ __mf_usage () "This is a %s%sGCC \"mudflap\" memory-checked binary.\n" "Mudflap is Copyright (C) 2002-2010 Free Software Foundation,= Inc.\n" "\n" - "The mudflap code can be controlled by an environment variabl= e:\n" + "Unless setuid, a program's mudflap options be set by an envi= ronment variable:\n" "\n" "$ export MUDFLAP_OPTIONS=3D''\n" "$ \n" 
@@ -705,7 +713,8 @@ __mf_init () =20 __mf_set_default_options (); =20 - ov =3D getenv ("MUDFLAP_OPTIONS"); + if (getuid () =3D=3D geteuid () && getgid () =3D=3D getegid ()) /* PR4= 1433, not setuid */ + ov =3D getenv ("MUDFLAP_OPTIONS"); if (ov) { int rc =3D __mfu_set_options (ov);
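Review bot: in the comment block added to __mf_set_default_options (hunk @@ -303,6 +303,14 @@) the bug number reads PR41443, while the patch header and the comment on the new line in __mf_init both say PR41433; make it `/* PR41433: ... */` so the references agree. Same block: "overriden" should be "overridden", and the line ending "non-exploitable." carries trailing whitespace. The question the comment leaves open (whether the default violation_mode should be harsher than viol_nop) is worth settling rather than shipping as a question, since after this patch a setuid or setgid binary's mudflap behaviour is fixed at whatever those compiled-in defaults are.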
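Review bot: the replacement usage string in __mf_usage (hunk @@ -442,7 +450,7 @@) is missing its verb: "a program's mudflap options be set by an environment variable" should read "a program's mudflap options can be set by an environment variable". The condition added in __mf_init compares both uid/euid and gid/egid, so "Unless setuid" understates it; "Unless setuid or setgid" matches the code. Minor: the new line is much longer than the one it replaces, so consider wrapping it to keep the usage text aligned with the lines around it.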
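Review bot: the getuid()/geteuid() and getgid()/getegid() comparison in __mf_init (hunk @@ -705,7 +713,8 @@) is the usual approximation of "is this process privileged", but it is not the signal the kernel uses: a binary that gained privilege through file capabilities has equal real and effective ids and will still honour $MUDFLAP_OPTIONS. The authoritative flag is AT_SECURE in the auxiliary vector, which is what glibc's MALLOC_CHECK_ handling (mentioned in the new comment in __mf_set_default_options) keys on through __libc_enable_secure; if libmudflap cannot reach that from here, say so in the comment so the limitation is documented. Also, since `ov` is now assigned only on the unprivileged path, the following `if (ov)` depends on `ov` being initialized earlier in __mf_init, which this hunk does not show; worth confirming. And the trailing comment "not setuid" should say "not setuid/setgid", as the condition covers both.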
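The patch header above describes the problem (a runtime library reading tuning options from the environment of a setuid or setgid process, where one option, -viol-gdb, runs another program on a detected violation) and the fix (compare real and effective ids before calling getenv). The block below is an added example, not libmudflap code and not part of this commit: it separates the trust decision into a pure function so it can be exercised with constructed ids, adds the kernel's AT_SECURE flag on top of the id comparison (getauxval() needs glibc 2.16 or musl, both later than this 2010 patch, so it is guarded; glibc 2.17's secure_getenv() does the same thing), and models the patched option selection. The function names, the "-viol-nop" default and the hostile option string are assumptions made for the example; mudflap's real option names are only borrowed.

```c
/* Added example, not libmudflap code: deciding whether a runtime library
   may honour an environment variable such as MUDFLAP_OPTIONS. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/auxv.h>   /* getauxval(AT_SECURE): glibc >= 2.16, musl */
#endif

/* Pure decision, kept apart from the syscalls so it can be tested with
   constructed ids.  Returns 1 if the environment may be trusted. */
int ids_permit_env(uid_t uid, uid_t euid, gid_t gid, gid_t egid, int at_secure)
{
    if (at_secure)      /* kernel: setuid, setgid or file capabilities */
        return 0;
    if (uid != euid)    /* the comparison the patch makes */
        return 0;
    if (gid != egid)
        return 0;
    return 1;
}

/* Same decision for the running process; AT_SECURE is read where the
   platform offers it, otherwise only the id comparison is available. */
int process_permits_env(void)
{
    int at_secure = 0;
#ifdef __linux__
    at_secure = getauxval(AT_SECURE) != 0;
#endif
    return ids_permit_env(getuid(), geteuid(), getgid(), getegid(), at_secure);
}

/* getenv() that yields NULL in a privileged process, like secure_getenv(). */
const char *trusted_getenv(const char *name)
{
    return process_permits_env() ? getenv(name) : NULL;
}

/* Option selection modelled on the patched __mf_init: the environment wins
   only when the process is unprivileged, otherwise the compiled-in default
   stays.  env_value stands in for getenv("MUDFLAP_OPTIONS"). */
const char *select_options(const char *env_value, int permit,
                           const char *compiled_default)
{
    if (permit && env_value != NULL && env_value[0] != '\0')
        return env_value;
    return compiled_default;
}

/* Does an option string select the mode that spawns another program? */
int options_spawn_program(const char *opts)
{
    return strstr(opts, "-viol-gdb") != NULL;
}

int main(void)
{
    /* Constructed input: what an attacker could place in the environment. */
    const char *hostile = "-viol-gdb";
    const char *compiled_default = "-viol-nop";   /* assumed default */

    /* Constructed ids: a setuid-root binary started by uid 1000. */
    int permit_setuid = ids_permit_env(1000, 0, 1000, 1000, 1);
    const char *chosen = select_options(hostile, permit_setuid, compiled_default);
    printf("setuid process: options=%s spawn=%d\n",
           chosen, options_spawn_program(chosen));

    /* The live process: normally unprivileged when run from a shell. */
    const char *live = trusted_getenv("MUDFLAP_OPTIONS");
    printf("this process: permit=%d MUDFLAP_OPTIONS=%s\n",
           process_permits_env(), live ? live : "(unset or untrusted)");
    return 0;
}
```

The point of the split is that ids_permit_env() can be checked without actually installing a setuid binary, while process_permits_env() is what a library would call from its initializer.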