hardened-ld can enter a infinite loop
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| hardening-wrapper (Debian) |
Fix Released
|
Unknown
|
|||
| hardening-wrapper (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
hardened-ld tries to resolve a chain of symbolic links from the file name it was invoked until the next resolving step would resolve the name to "hardened-ld":
while (-l $tool && ($link = resolve_
$tool = $link;
}
Then it appends ".real" to the name and checks if the file does exist and is executable:
if (-x "$tool.real") {
$tool = "$tool.real";
}
If not, the name remains as it is, and will be executed. On the system I observed the infinite loop hardened-ld was invoked from "ld.gold" and "ld.gold.real" was missing. "ld.gold" pointed directly to "hardened-ld", so the resolving while loop did not change the name. The if statement did not change the name either, because "ld.gold.real" did not exist, so hardened-ld did execute "ld.gold". Again, and again, and again, and again.....
Suggested fix: Before executing $tool, compare it to $0. If they are equal issue an error message that "$tool.real" is missing, and this script stops to prevent a endless loop.
| Steve Beattie (sbeattie) wrote | #1 |
| Changed in hardening-wrapper (Ubuntu): | |
| status: | New → Fix Released |
| importance: | Undecided → Medium |
| Changed in hardening-wrapper (Debian): | |
| status: | Unknown → Fix Released |
Thanks for reporting the issue. This was fixed in hardening-wrapper 2.5ubuntu1, closing.