
Bug#1053470: ld.so: ignore tunables in secure mode



Hi,

On 2023-10-05 09:33, Michael Hudson-Doyle wrote:
> I think that is the sort of conclusion upstream is coming to in
> https://inbox.sourceware.org/libc-alpha/20231003201151.1406279-1-siddhesh@sourceware.org/T/#e9123bc53d892ab6552e05109ce939d531d741092
> too. In any case, the upstream bug tracker / mailing list is probably the
> place to start with this.

I fully agree with that. Let's try to not have a different behavior for
each distribution by getting this done upstream. If it doesn't work we
could look at doing that at the distribution level.

Regards
Aurelien

> On Thu, 5 Oct 2023 at 07:00, Christian Göttsche <cgzones@googlemail.com>
> wrote:
> 
> > Package: glibc
> > Version: 2.37-12
> >
> > In the light of the recent privilege escalation vulnerability I'd like
> > to suggest disabling the support for tunables in secure mode (most
> > notably for setuid-binaries).
> > This would mitigate future regressions in the handling of the
> > environment variable and possible vulnerabilities caused by the
> > interaction of particular options with security relevant applications.
> >
> > The support could either be disabled at compile time[1] or at runtime
> > via a file existence check (either by reusing `/etc/suid-debug` or a
> > new one like `/etc/suid-tunables`).
> >
> >
> > [1]:
> > https://git.altlinux.org/gears/g/glibc.git?p=glibc.git;a=commitdiff;h=5d1686416ab766f3dd0780ab730650c4c0f76ca9
> >
> >

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net