2009-08-13 21:03:03 |
Kees Cook |
bug |
|
|
added bug |
2009-08-13 21:04:10 |
Kees Cook |
bug watch added |
|
http://sourceware.org/bugzilla/show_bug.cgi?id=10149 |
|
2009-08-13 21:04:10 |
Kees Cook |
bug task added |
|
glibc |
|
2009-08-13 21:07:15 |
Kees Cook |
bug task added |
|
eglibc (Ubuntu Jaunty) |
|
2009-08-13 21:07:15 |
Kees Cook |
bug task added |
|
eglibc (Ubuntu Karmic) |
|
2009-08-13 21:07:35 |
Kees Cook |
eglibc (Ubuntu Karmic): importance |
Undecided |
Medium |
|
2009-08-13 21:07:35 |
Kees Cook |
eglibc (Ubuntu Karmic): milestone |
|
karmic-alpha-5 |
|
2009-08-13 21:07:35 |
Kees Cook |
eglibc (Ubuntu Karmic): assignee |
|
Kees Cook (kees) |
|
2009-08-13 21:08:05 |
Kees Cook |
eglibc (Ubuntu Jaunty): importance |
Undecided |
Medium |
|
2009-08-13 21:08:05 |
Kees Cook |
eglibc (Ubuntu Jaunty): status |
New |
Invalid |
|
2009-08-13 21:08:05 |
Kees Cook |
eglibc (Ubuntu Jaunty): assignee |
|
Kees Cook (kees) |
|
2009-08-13 21:08:23 |
Kees Cook |
bug task added |
|
glibc (Ubuntu) |
|
2009-08-13 21:08:34 |
Kees Cook |
glibc (Ubuntu Karmic): status |
New |
Invalid |
|
2009-08-13 21:08:43 |
Kees Cook |
eglibc (Ubuntu Jaunty): assignee |
Kees Cook (kees) |
|
|
2009-08-13 21:13:51 |
Kees Cook |
glibc (Ubuntu Jaunty): importance |
Undecided |
Medium |
|
2009-08-13 21:13:51 |
Kees Cook |
glibc (Ubuntu Jaunty): assignee |
|
Kees Cook (kees) |
|
2009-08-13 21:35:07 |
Launchpad Janitor |
eglibc (Ubuntu Karmic): status |
New |
Fix Released |
|
2009-08-13 21:35:24 |
Bug Watch Updater |
glibc: status |
Unknown |
Confirmed |
|
2009-08-22 06:22:30 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/eglibc |
|
2009-08-25 09:01:02 |
Kees Cook |
description |
$ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master qa-regression-testing
$ cd qa-regression-testing/scripts
$ ./test-glibc-security.py -v
Build helper tools ... (9.10) ok
glibc heap protection ... ok
sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok
glibc pointer obfuscation ... ok
Password hashes ... (sha512) ok
Stack guard exists ... ok
Stack guard leads with zero byte ... FAIL
Stack guard is randomized ... ok
======================================================================
FAIL: Stack guard leads with zero byte
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero
self.assertEqual(one.endswith('00\n'), expected, one)
AssertionError: 0x6f33dd6a30051c1
----------------------------------------------------------------------
Ran 8 tests in 0.145s
FAILED (failures=1)
ProblemType: Bug
Architecture: amd64
Date: Thu Aug 13 13:59:02 2009
Dependencies:
findutils 4.4.2-1
gcc-4.4-base 4.4.1-1ubuntu3
libc6 2.10.1-0ubuntu6
libgcc1 1:4.4.1-1ubuntu3
DistroRelease: Ubuntu 9.10
Package: libc6 2.10.1-0ubuntu6
ProcEnviron:
LANGUAGE=en_US.UTF-8
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-5.24-generic
SourcePackage: eglibc
Uname: Linux 2.6.31-5-generic x86_64 |
IMPACT: stack protections are weakened due to strcpy function being able to write the stack guard (since it does not start with a zero byte).
ADDRESSED: correctly implement leading zero, as done in Karmic.
DISCUSSION: regression potential is low, since the patch is isolated and well tested.
TEST CASE:
$ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master qa-regression-testing
$ cd qa-regression-testing/scripts
$ ./test-glibc-security.py -v
Build helper tools ... (9.10) ok
glibc heap protection ... ok
sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok
glibc pointer obfuscation ... ok
Password hashes ... (sha512) ok
Stack guard exists ... ok
Stack guard leads with zero byte ... FAIL
Stack guard is randomized ... ok
======================================================================
FAIL: Stack guard leads with zero byte
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero
self.assertEqual(one.startswith('00 '), expected, one)
AssertionError: 62 55 59 69 cd 20 39 80
----------------------------------------------------------------------
Ran 8 tests in 0.145s
FAILED (failures=1)
expected outcome: 0 failures.
ProblemType: Bug
Architecture: amd64
Date: Thu Aug 13 13:59:02 2009
Dependencies:
findutils 4.4.2-1
gcc-4.4-base 4.4.1-1ubuntu3
libc6 2.10.1-0ubuntu6
libgcc1 1:4.4.1-1ubuntu3
DistroRelease: Ubuntu 9.10
Package: libc6 2.10.1-0ubuntu6
ProcEnviron:
LANGUAGE=en_US.UTF-8
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-5.24-generic
SourcePackage: eglibc
Uname: Linux 2.6.31-5-generic x86_64
|
|
2009-08-25 09:01:52 |
Kees Cook |
attachment added |
|
glibc_2.9-4ubuntu6.1.debdiff http://launchpadlibrarian.net/30804998/glibc_2.9-4ubuntu6.1.debdiff |
|
2009-08-31 13:05:51 |
Martin Pitt |
glibc (Ubuntu Jaunty): status |
New |
Incomplete |
|
2009-08-31 16:47:18 |
Kees Cook |
glibc (Ubuntu Jaunty): status |
Incomplete |
New |
|
2009-08-31 17:06:08 |
Martin Pitt |
tags |
amd64 apport-bug |
amd64 apport-bug regression-release |
|
2009-08-31 17:07:05 |
Martin Pitt |
glibc (Ubuntu Jaunty): status |
New |
Fix Committed |
|
2009-08-31 17:07:10 |
Martin Pitt |
tags |
amd64 apport-bug regression-release |
amd64 apport-bug regression-release verification-needed |
|
2009-09-11 19:20:51 |
Steve Beattie |
tags |
amd64 apport-bug regression-release verification-needed |
amd64 apport-bug regression-release verification-done |
|
2009-09-14 13:49:10 |
Launchpad Janitor |
glibc (Ubuntu Jaunty): status |
Fix Committed |
Fix Released |
|
2010-02-22 22:23:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/jaunty-proposed/glibc |
|
2011-05-26 11:35:14 |
Bug Watch Updater |
glibc: status |
Confirmed |
Fix Released |
|
2011-05-26 11:35:14 |
Bug Watch Updater |
glibc: importance |
Unknown |
Medium |
|
2012-02-05 14:18:24 |
Tomas Hoger |
bug |
|
|
added subscriber Tomas Hoger |