[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ibus/CVE-2019-14822/glibc

Brian May <bam@debian.org> writes:

> With the 2nd patch, hangs, I pushed Ctrl-C to abort:
> (jessie-amd64-sbuild)brian@silverfish:/$ /build/glib2.0-sBwZ3c/glib2.0-2.42.1/debian/build/deb/gio/tests/.libs/lt-network-monitor  -k --tap
> # random seed: R02Sfd80eb1bd64b09d0b63ad8bcdfd117d2
> # Start of network-monitor tests
> ^C

git bisect shows the following commit fixes this:

commit 7cba800a84730c9c5843acdd775e42b8c1438edf (HEAD)
Author: Alexander Larsson <alexl@redhat.com>
Date:   Mon Jun 1 10:02:47 2015 +0200

    GNetworkMonitorNetlink: Fix check for non-kernel messages
    This code used to look at the SCM_CREDENTIALS and ignore every message
    not from uid 0. However, when user namespaces are in use this does not
    work, as if uid 0 is not mapped you get overflowuid instead. Right now
    this means we ignore all messages in such user namespaces and glib
    apps hang on startup.
    We can't look at pids either, as pid 0 is returned for processes
    outside your pid namespace.
    Instead the correct approach is to look at the sending sockaddr and
    if the port id (nl_pid) is zero, then its from the kernel.

Brian May <bam@debian.org>

Reply to: