Re: ibus/CVE-2019-14822/glibc
Brian May <bam@debian.org> writes:
> With the 2nd patch, hangs, I pushed Ctrl-C to abort:
>
> (jessie-amd64-sbuild)brian@silverfish:/$ /build/glib2.0-sBwZ3c/glib2.0-2.42.1/debian/build/deb/gio/tests/.libs/lt-network-monitor -k --tap
> # random seed: R02Sfd80eb1bd64b09d0b63ad8bcdfd117d2
> # Start of network-monitor tests
> ^C
git bisect shows the following commit fixes this:
commit 7cba800a84730c9c5843acdd775e42b8c1438edf (HEAD)
Author: Alexander Larsson <alexl@redhat.com>
Date: Mon Jun 1 10:02:47 2015 +0200
GNetworkMonitorNetlink: Fix check for non-kernel messages
This code used to look at the SCM_CREDENTIALS and ignore every message
not from uid 0. However, when user namespaces are in use this does not
work, as if uid 0 is not mapped you get overflowuid instead. Right now
this means we ignore all messages in such user namespaces and glib
apps hang on startup.
We can't look at pids either, as pid 0 is returned for processes
outside your pid namespace.
Instead the correct approach is to look at the sending sockaddr and
if the port id (nl_pid) is zero, then its from the kernel.
Source:
http://lists.linuxfoundation.org/pipermail/containers/2015-May/036032.html
https://bugzilla.gnome.org/show_bug.cgi?id=750203
--
Brian May <bam@debian.org>
Reply to: