
Bug#670993: busybox: Please use dpkg-buildflags for hardening support

On 14.05.2012 23:13, Jonathan Nieder wrote:
> Michael Tokarev wrote:
>> That's the constructs like this:
>>   bb_error_msg_and_die(bb_msg_memory_exhausted);
>> where bb_msg_memory_exhausted is declared as extern char *.
>> This is a poor-man implementation of internal constant
>> string folding done by gcc for years.
> How about this patch?  It fixes a few bugs, if I understand correctly
> (for example, "stat -Z <string with % signs in it>" passes that string
> to vasprintf, allowing privilege escalation if a privileged script
> uses a user-specified string in that argument).  I fear it would
> increase the text size, though.
> A better patch might involve introducing a separate
> 	bb_error_msgf
> function for callers that want to pass a format and letting
> bb_error_msg take a simple string, or turning bb_msg_memory_exhausted
> et al into string literals as you suggested.

I'm not upstream, but I still don't think this is a right approach.
Almost all uses of bb_error_msg and friends are supposed to use
static/constant strings, and introducing additional "%s" is just
unnecessary.  If I were upstream I'd reject this approach.  But if
you think it is okay, please ask upstream about this approach --
I definitely don't want to carry such a patch in Debian.

The stat -Z case is a real bug however, and should be fixed
separately.  But this is - IMHO - a different story.
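The pattern under discussion, as an added example that is not busybox code and not part of this thread: a printf-style error function called with a non-literal string (the `stat -Z` shape Jonathan describes) versus the split Jonathan proposes, a format-taking `error_msgf` beside a plain-string entry point that always passes the caller's data through `"%s"`. The function names, the static buffer and the sample input are assumptions made for illustration; the real `bb_error_msg` family writes to stderr rather than returning a string. Compiling with `-Wall -Wformat=2 -Wformat-security` makes GCC and clang flag any caller that hands `error_msgf` a non-literal format with no arguments, which is the check that catches the vulnerable shape before it ships.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for busybox's bb_error_msg family (added example,
 * not busybox code).  They format into a static buffer and return it instead
 * of writing to stderr so the result can be inspected. */
static char g_last_msg[256];

/* The format-taking entry point.  The format attribute lets the compiler type
 * check literal callers, and -Wformat-security warns on error_msgf(user) with
 * no further arguments, i.e. the call shape that turns user data into a format. */
__attribute__((format(printf, 1, 2)))
const char *error_msgf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(g_last_msg, sizeof g_last_msg, fmt, ap);
    va_end(ap);
    return g_last_msg;
}

/* The entry point for plain strings: whatever the caller hands over is data,
 * never a format.  Every '%' in s is printed literally. */
const char *error_msg_str(const char *s)
{
    return error_msgf("%s", s);
}

/* Count the conversion specifications in s: the number of extra vararg reads
 * (or, with %n, writes) an attacker gets if s ever reaches vasprintf/vfprintf
 * as the format.  "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Double every '%' so the result can be spliced into a format string as
 * literal text.  Returns the length written; output is always NUL-terminated
 * when outsz > 0, and truncates rather than overflowing. */
size_t escape_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz)  /* keep room for the terminator */
            break;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return o;
}

int main(int argc, char **argv)
{
    /* Constructed attacker-style input: what a user could pass as the -Z argument. */
    const char *user = argc > 1 ? argv[1] : "%x %x %n";
    char escaped[128];

    printf("conversions an unsafe error_msgf(user) would consume: %d\n",
           count_conversions(user));
    printf("safe (error_msg_str): %s\n", error_msg_str(user));
    escape_percent(user, escaped, sizeof escaped);
    printf("escaped for embedding in a format: %s\n", escaped);
    return 0;
}
```

The `count_conversions` helper is the quick triage for a reported case: if a string that reaches a format argument has a non-zero count, the call site needs the `"%s"` fix, not a string-sanitising wrapper.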
