This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v2 0/3] posix: Execute file function fixes
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, <libc-alpha at sourceware dot org>
- Date: Fri, 19 Feb 2016 23:11:56 +0000
- References: <1455905134-21014-1-git-send-email-adhemerval dot zanella at linaro dot org> <56C75FE3 dot 2030606 at cs dot ucla dot edu>

On Fri, 19 Feb 2016, Paul Eggert wrote:
> On 02/19/2016 10:05 AM, Adhemerval Zanella wrote:
> > * Regarding stack allocation safeness for exec function family I saw no
> > safe solution.
>
> This is a significant regression from the current behavior. We need a better
> solution. Otherwise, I fear that it will be too easy for attackers to exploit
> stack-overflow vulnerabilities by attempting to execute commands with many
> arguments.

This is a case where, as noted in
<https://sourceware.org/ml/libc-alpha/2016-02/msg00044.html>, the stack
usage is proportional to the number of arguments passed by the caller -
that is, it's something determined statically at compile time, not under
the control of an attacker.

While alloca of an amount proportional to the number or size of arguments
passed is not ideal, I don't think it's a vulnerability the way any
unbounded alloca of an amount not proportional to stack space already used
is.

--
Joseph S. Myers
joseph@codesourcery.com
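
The argument in the message above, that an execl-style wrapper's stack use is set by the number of arguments written at the call site, shown as an added example; it is not glibc's code or the patch under discussion. `execl_like`, `fake_execv` and `struct seen` are hypothetical names, and `fake_execv` stands in for `execv` so the example can run and be checked.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for execv(): records what it was handed instead of
   replacing the process image, so the example can run and be checked. */
struct seen { size_t argc; size_t total_len; };

static void fake_execv(char *const argv[], struct seen *out)
{
    out->argc = 0;
    out->total_len = 0;
    for (; argv[out->argc] != NULL; out->argc++)
        out->total_len += strlen(argv[out->argc]);
}

/* execl-style wrapper: arg0, arg1, ..., (char *) NULL.
   Returns the bytes of stack used for the argv copy. */
size_t execl_like(struct seen *out, char *arg0, ...)
{
    va_list ap;
    size_t argc = 0;

    /* Pass 1: count the arguments written at this call site. */
    va_start(ap, arg0);
    for (char *a = arg0; a != NULL; a = va_arg(ap, char *))
        argc++;
    va_end(ap);

    /* Pass 2: one pointer per argument plus the terminator. */
    char *argv[argc + 1];
    va_start(ap, arg0);
    argv[0] = arg0;
    for (size_t i = 1; i <= argc; i++)
        argv[i] = va_arg(ap, char *);
    va_end(ap);

    fake_execv(argv, out);
    return sizeof argv;   /* (argc + 1) * sizeof(char *) */
}

int main(void)
{
    struct seen s;
    size_t used = execl_like(&s, "ls", "-l", "/tmp", (char *) NULL);
    printf("argc=%zu stack bytes for argv=%zu\n", s.argc, used);
    return 0;
}
```

The array holds one pointer per argument the caller itself passed, so its size tracks stack the call already consumed; the lengths of the strings never enter into it.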