Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

To: Florian Weimer <fw@deneb.enyo.de>
Cc: Moritz Mühlenhoff <jmm@inutil.org>, Bernd Zeimetz <bzed@debian.org>, 969926@bugs.debian.org
Subject: Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Fri, 4 Jun 2021 22:30:45 +0200
Message-id: <[🔎] 20210604203045.GD3376@aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 969926@bugs.debian.org
In-reply-to: <[🔎] 87sg1xh0h9.fsf@mid.deneb.enyo.de>
References: <159961311079.447707.8355487778276012335.reportbug@think.wals.bzed.at> <20200909103044.GC2297@aurel32.net> <[🔎] YLZlx2YgYhLZqxbQ@pisco.westfalen.local> <[🔎] 871r9hiilx.fsf@mid.deneb.enyo.de> <[🔎] 20210604185339.GC3376@aurel32.net> <[🔎] 87sg1xh0h9.fsf@mid.deneb.enyo.de> <159961311079.447707.8355487778276012335.reportbug@think.wals.bzed.at>

On 2021-06-04 21:51, Florian Weimer wrote:
> * Aurelien Jarno:
> 
> > On 2021-06-04 20:34, Florian Weimer wrote:
> >> * Moritz Mühlenhoff:
> >> 
> >> > Am Wed, Sep 09, 2020 at 12:30:44PM +0200 schrieb Aurelien Jarno:
> >> >> control: forcemerge 967938 969926
> >> >> 
> >> >> Hi,
> >> >> 
> >> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> >> >> > Source: glibc
> >> >> > Version: 2.28-10
> >> >> > Severity: serious
> >> >> > Tags: security upstream patch
> >> >> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> >> >> > 
> >> >> > Hi,
> >> >> > 
> >> >> > we are running into the bug
> >> >> > https://sourceware.org/bugzilla/show_bug.cgi?id=20338
> >> >> > causing systemd-sysusers to segfault.
> >> >> > 
> >> >> > Patch is available in the linked bug report.
> >> >> 
> >> >> This has already been reported, Florian will work on a backport, as it
> >> >> is not straightforward to backport it to buster due to the usage of
> >> >> private symbols.
> >> >
> >> > Florian, did you manage to backport this to 2.31? It would be nice to get this
> >> > fixed for a Buster point release still.
> >> 
> >> Do you mean 2.28?  DJ Delorie did the backport, and Carlos O'Donell
> >> implemented the GLIBC_PRIVATE ABI compatibility fix.  I'll see if I
> >> can get the patches to apply to Debian's 2.28 tree.
> >
> > Is it possible to commit those patches to the upstream 2.28 branch? If
> > so, I guess we can simply pull the branch in the Debian package, fixing
> > many other security bugs at the same time.
> 
> I'm concerned about the GLIBC_PRIVATE internal ABI change, it causes
> issues if the update is applied without a reboot:
> 
>   glibc: After upgrade, before reboot, systemd services using USER= do
>   not start (caused by fix for bug 1871397)
>   <https://bugzilla.redhat.com/show_bug.cgi?id=1927040>

That issue looks problematic for Debian, we usually do not require a
(immediate) reboot after applying a security upgrade.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

Follow-Ups:
- Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  - From: Florian Weimer <fw@deneb.enyo.de>
- Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
Next by Date: Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
Previous by thread: Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
Next by thread: Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
Index(es):
- Date
- Thread