Randy McMurchy wrote:
> Robert Connolly wrote these words on 07/02/06 14:40 CST:
> [fixed top-posting]
>> On July 2, 2006 03:28 pm, Randy McMurchy wrote:
>>> Would this be applicable to the other LFS branches as well?
>> It's in LFS-svn.
> Sorry for the noise. The IDLESTR threw me off as well as I would
> have thought a patch to fix a security issue would surely have
> been in HLFS if it was already in LFS.
And, BTW:
1) it is a buffer overflow, but, since the attacker cannot supply his
own data to this buffer, it is not exploitable (so it is incorrect to
call it a security issue). PaX does detect this and abort the program,
though.
2) it is not fixed well in HLFS, because "НЕАКТИВЕН" (Russian
translation of "IDLE") takes 18 bytes in UTF-8. But HLFS doesn't support
UTF-8 anyway, and in KOI8-R, the translation does fit into the new
10-byte buffer, and this objection can be ignored for a while. But this
does mean that RedHat didn't fix the bug completely.
3) This is still not a proper fix, as the rest of the header is
misaligned due to other bugs (the "who" program makes an assumption that
the IDLE string takes no more than 4 characters, and this is impossible
to satisfy in translations, and also it makes an assumption that all
other translated strings contain no multibyte characters). Maybe (only
maybe!) it is better to disable translations completely in the "who"
command. I.e., instead of the current IDLESTR sed, apply this one:
sed -i '/config.h/a#undef ENABLE_NLS' src/who.c
The effect (in ru_RU.UTF-8):
unfixed coreutils:
ИМЯ ЛИНИЯ ВРЕМЯ PID КОММЕНТАРИЙ
patrakov pts/0 2006-07-03 10:13 00:01 1833 (:0.0)
IDLESTR hack:
ИМЯ ЛИНИЯ ВРЕМЯ НЕАКТИВЕН PID КОММЕНТАРИЙ
patrakov pts/0 2006-07-03 10:13 00:01 1833 (:0.0)
ENABLE_NLS hack:
NAME LINE TIME IDLE PID COMMENT
patrakov pts/0 2006-07-03 10:13 00:01 1833 (:0.0)
--
Alexander E. Patrakov
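
Added example (not part of the original message, and not coreutils code): the size arithmetic behind points 2 and 3, checking the translated IDLE string against the 10-byte buffer and the 4-character column mentioned above. The helper names and the byte-literal sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: "НЕАКТИВЕН" written out as bytes in both
   encodings, so the result does not depend on this file's encoding. */
static const char IDLE_UTF8[] =
    "\xD0\x9D\xD0\x95\xD0\x90\xD0\x9A\xD0\xA2\xD0\x98\xD0\x92\xD0\x95\xD0\x9D";
static const char IDLE_KOI8R[] = "\xEE\xE5\xE1\xEB\xF4\xE9\xF7\xE5\xEE";

enum { IDLE_BUF = 10, IDLE_COL = 4 };  /* sizes quoted in the message */

/* Bytes needed to store s, including the terminating NUL. */
size_t bytes_needed(const char *s) { return strlen(s) + 1; }

/* Characters in a UTF-8 string: every byte that is not a 10xxxxxx
   continuation byte starts a new character. */
size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Bounded copy (hypothetical helper, not coreutils code): returns 0 on
   success, -1 if src plus its NUL does not fit; never writes past dst. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t need = bytes_needed(src);
    if (dstsize == 0)
        return -1;
    if (need > dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    char buf[IDLE_BUF];
    printf("KOI8-R: %zu bytes, copy -> %d\n", bytes_needed(IDLE_KOI8R),
           copy_checked(buf, sizeof buf, IDLE_KOI8R));
    printf("UTF-8:  %zu bytes, copy -> %d\n", bytes_needed(IDLE_UTF8),
           copy_checked(buf, sizeof buf, IDLE_UTF8));
    printf("UTF-8 width: %zu chars, header assumes %d\n",
           utf8_chars(IDLE_UTF8), IDLE_COL);
    return 0;
}
```

The KOI8-R string fills the 10-byte buffer exactly, while the UTF-8 form needs 19 bytes and is rejected by the bounded copy; in either encoding the word is 9 characters wide against a column that assumes 4.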