[arch-general] glibc 2.18-5 question

LANGLOIS Olivier PIS -EXT olivier.pis.langlois at transport.alstom.com
Thu Sep 26 11:15:12 EDT 2013


Hi,

I just checked what was the motivation for this 5th release and I have found:

http://hmarco.org/bugs/CVE-2013-4788.html

where it says:

The vulnerability is caused due to the non initialization to a random value (it is always zero) of the "pointer guard" by the glibc only when generating static compiled executables. Dynamic executables are not affected. Pointer guard is used to mangle the content of sensible pointers (longjmp, signal handlers, etc.), if the pointer guard value is zero (non-initialized) then it is not effective.

So, out of curiosity, how big is the threat since I am under the impression that almost 100% if not 100% of Arch binaries uses libc.so

Greetings,
Olivier


________________________________
CONFIDENTIALITY : This e-mail and any attachments are confidential and may be privileged. If you are not a named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose or store or copy the information in any medium.


More information about the arch-general mailing list