This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug stdio/23313] New: libio vtables validation and standard file object interposition
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 19 Jun 2018 09:06:57 +0000
- Subject: [Bug stdio/23313] New: libio vtables validation and standard file object interposition
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23313
Bug ID: 23313
Summary: libio vtables validation and standard file object
interposition
Product: glibc
Version: 2.28
Status: NEW
Severity: normal
Priority: P2
Component: stdio
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
Bug description: https://sourceware.org/ml/libc-alpha/2018-06/msg00437.html
Key part follows.
glibc's printf uses this stdout value to call _IO_vfprintf_internal:
(gdb) info symb 0xf7e6c480
_IO_2_1_stdout_ in section .data of /usr/lib/libstdc++-libc6.2-2.so.3
What happened here is that this version of libstdc++ has interposed
_IO_2_1_stdout_, and it supplied its own vtable:
(gdb) info symb _IO_2_1_stdout_.vtable
filebuf virtual table in section .data of /usr/lib/libstdc++-libc6.2-2.so.3
This is also visibile in LD_DEBUG=bindings logging:
21425: binding file /lib/i386-linux-gnu/libc.so.6 [0] to
/usr/lib/libstdc++-libc6.2-2.so.3 [0]: normal symbol `_IO_2_1_stderr_'
[GLIBC_2.1]
21425: binding file /lib/i386-linux-gnu/libc.so.6 [0] to
/usr/lib/libstdc++-libc6.2-2.so.3 [0]: normal symbol `_IO_2_1_stdout_'
[GLIBC_2.1]
21425: binding file /lib/i386-linux-gnu/libc.so.6 [0] to
/usr/lib/libstdc++-libc6.2-2.so.3 [0]: normal symbol `_IO_2_1_stdin_'
[GLIBC_2.1]
We should fix this by detecting such interposition and disabling validation in
this case.
--
You are receiving this mail because:
You are on the CC list for the bug.