Date: Mon, 08 Oct 2018 12:04:29 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:12.elf
Message-ID: <86pnwkhhzm.fsf@next.des.no>
In-Reply-To: <20181007224611.GI5335@kib.kiev.ua> (Konstantin Belousov's message of "Mon, 8 Oct 2018 01:46:11 +0300")
References: <20180912054309.61C6B13269@freefall.freebsd.org> <20181006173525.GC813@lena.kiev> <20181006182104.GS5335@kib.kiev.ua> <86sh1hs81t.fsf@next.des.no> <20181007224611.GI5335@kib.kiev.ua>

Konstantin Belousov <kostikbel@gmail.com> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > The string isn't just unterminated, though. It's actually longer than
> > the section. To be precise, "/lib/ld-linux.so.2" is 18 characters long,
> > plus NUL makes 19. The section is supposed to be 17 bytes long. I
> > don't mind forgiving a missing NUL, but I'm not comfortable with reading
> > past the end of the section, and it worries me that Linux doesn't care.
> Apparently it was not Linux. Look at the astro/google-earth/Makefile
> before r425359.
Ah, I see. The port used sed to edit the file in-place instead of using
a tool that understands ELF and would have adjusted the section length.
But it doesn't any more, probably because the linux_base ports install
ld-lsb.so.3, so what's the issue? And regardless, your patch wouldn't
have helped in this case, since it would only have copied the first 17
characters ("/lib/ld-linux.so.", missing the final 2) to the new buffer.
So what is the rationale for the patch?
DES
--
Dag-Erling Smørgrav - des@des.no
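
The case discussed in this message, as an added example (not code from the FreeBSD patch or from either correspondent): a bounded reader for an interpreter-path region, showing that a strict parser rejects the 17-byte region while one that forgives the missing NUL returns the 17-character path without the final 2. `read_interp`, `demo_status` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum interp_status { INTERP_OK, INTERP_FORGIVEN, INTERP_UNTERMINATED,
                     INTERP_OUT_OF_FILE, INTERP_TOO_LONG };

/* Copy the interpreter path out of the region [off, off + filesz) of image.
 * Never reads outside that region. With forgive_missing_nul set, a region
 * with no NUL is copied up to its declared size and flagged INTERP_FORGIVEN. */
enum interp_status
read_interp(const unsigned char *image, size_t image_len, size_t off,
            size_t filesz, int forgive_missing_nul, char *out, size_t out_len)
{
    if (off > image_len || filesz > image_len - off)
        return INTERP_OUT_OF_FILE;          /* region not inside the file */
    const unsigned char *p = image + off;
    const unsigned char *nul = filesz ? memchr(p, '\0', filesz) : NULL;
    if (nul == NULL && !forgive_missing_nul)
        return INTERP_UNTERMINATED;         /* strict: reject outright */
    size_t len = nul ? (size_t)(nul - p) : filesz;
    if (len + 1 > out_len)
        return INTERP_TOO_LONG;
    memcpy(out, p, len);
    out[len] = '\0';
    return nul ? INTERP_OK : INTERP_FORGIVEN;
}

/* Constructed sample: 4 bytes of padding, then the 19-byte string from the
 * thread ("/lib/ld-linux.so.2" plus NUL), then unrelated bytes. */
static const unsigned char sample_image[] =
    "\x7f" "ELF" "/lib/ld-linux.so.2\0.text";
static char demo_out[64];

/* Hypothetical helper: parse the sample with a given declared region size. */
enum interp_status demo_status(size_t filesz, int forgive)
{
    demo_out[0] = '\0';
    return read_interp(sample_image, sizeof(sample_image), 4, filesz, forgive,
                       demo_out, sizeof(demo_out));
}

int main(void)
{
    printf("17 strict:  %d\n", demo_status(17, 0));
    printf("17 forgive: %d \"%s\"\n", demo_status(17, 1), demo_out);
    printf("19 strict:  %d \"%s\"\n", demo_status(19, 0), demo_out);
    return 0;
}
```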
