hardened-ld can enter an infinite loop
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
hardening-wrapper (Debian) | Fix Released | Unknown | | |
hardening-wrapper (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
hardened-ld tries to resolve a chain of symbolic links, starting from the file name it was invoked with, until the next resolving step would resolve the name to "hardened-ld":
while (-l $tool && ($link = resolve_
$tool = $link;
}
Then it appends ".real" to the name and checks if the file does exist and is executable:
if (-x "$tool.real") {
$tool = "$tool.real";
}
If not, the name remains as it is, and will be executed. On the system where I observed the infinite loop, hardened-ld was invoked from "ld.gold" and "ld.gold.real" was missing. "ld.gold" pointed directly to "hardened-ld", so the resolving while loop did not change the name. The if statement did not change the name either, because "ld.gold.real" did not exist, so hardened-ld did execute "ld.gold". Again, and again, and again, and again.....
Suggested fix: Before executing $tool, compare it to $0. If they are equal, issue an error message that "$tool.real" is missing, and this script stops to prevent an endless loop.
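The failure mode and a guard of the kind suggested above, as an added Perl example that is not the hardening-wrapper source. The helper names `resolve_one` and `pick_tool` are hypothetical, the loop condition is an assumption (the corresponding line in the report is truncated), and the guard goes one step beyond a string comparison with `$0` by comparing resolved paths.

```perl
#!/usr/bin/perl
# Added example (not the hardening-wrapper source): tool lookup with a self-exec guard.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(basename dirname);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: follow one symlink hop, relative to the link's own directory.
sub resolve_one {
    my ($path) = @_;
    my $target = readlink($path);
    return unless defined $target;
    return $target if File::Spec->file_name_is_absolute($target);
    return File::Spec->catfile(dirname($path), $target);
}

# Returns ($tool, undef), or (undef, $error) when exec'ing $tool would re-enter the wrapper.
sub pick_tool {
    my ($invoked, $wrapper) = @_;
    my ($tool, $link) = ($invoked);
    # Assumed loop condition: stop when the next hop would be the wrapper itself.
    while (-l $tool && defined($link = resolve_one($tool))
           && basename($link) ne basename($wrapper)) {
        $tool = $link;
    }
    $tool = "$tool.real" if -x "$tool.real";
    # Guard: compare resolved paths, so a differently spelled path to the wrapper is caught too.
    my ($t, $w) = (abs_path($tool), abs_path($wrapper));
    return (undef, "$tool.real is missing; refusing to re-exec the wrapper")
        if defined $t && defined $w && $t eq $w;
    return ($tool, undef);
}

# Constructed layout: ld.gold has no .real binary (the reported case), ld.bfd has one.
my $dir = tempdir(CLEANUP => 1);
for my $file ('hardened-ld', 'ld.bfd.real') {
    open(my $fh, '>', "$dir/$file") or die "create $file: $!";
    close $fh;
    chmod 0755, "$dir/$file";
}
symlink('hardened-ld', "$dir/$_") or die "symlink $_: $!" for qw(ld.gold ld.bfd);

for my $name (qw(ld.gold ld.bfd)) {
    my ($tool, $err) = pick_tool("$dir/$name", "$dir/hardened-ld");
    print defined($tool) ? "$name: would exec $tool\n" : "$name: error: $err\n";
}
```

In a real wrapper the second argument would be the script's own path (`$0`), and the error branch would print the message and exit non-zero instead of calling `exec`.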
Changed in hardening-wrapper (Debian):
status: Unknown → Fix Released
Thanks for reporting the issue. This was fixed in hardening-wrapper 2.5ubuntu1, closing.