On Wed, 2017-03-08 at 12:54 -0500, Carlos O'Donell wrote:
> In glibc we limit setuid applications, for example sanitizing their
> environment where it would cause problems or alter behaviour in
> unintended ways.

Please explain what these limitations are, and when they were imposed, as in the article https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html the author is actually using a setuid binary (pkexec) and clearly not running into any limitations with that particular exploit.

Also note that heap spraying can happen in any binary that has memory leaks in its option parsing. pkexec.c and pkcheck.c are known to suffer such issues, but other binaries could be affected.

Setting MAX_ARG_STRINGS to a sensible value significantly reduces the impact of such heap spraying.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
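The "memory leak in option parsing" pattern the mail refers to, shown as an added example alongside its fix (this is illustrative code written for this page, not the source of pkexec, pkcheck or glibc). It assumes a hypothetical `--user=NAME` option; the `tracked_strdup`/`tracked_free` wrappers and the `live_allocs` counter exist only so the effect is observable without inspecting the heap, and `sample_argv` is a constructed argument vector with the option repeated.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counter of live allocations made by the parsers below. It stands in for
   heap inspection so the leak is observable (this bookkeeping is an
   assumption of the example, not part of any real option parser). */
static size_t live_allocs = 0;

static char *tracked_strdup(const char *s)
{
    char *p = strdup(s);
    if (p != NULL)
        live_allocs++;
    return p;
}

static void tracked_free(char *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
}

struct opts {
    char *user;   /* value of the last --user=NAME option seen (hypothetical option) */
};

#define USER_PREFIX "--user="

/* Leaky pattern: every repeated --user=NAME allocates a fresh copy and simply
   overwrites the pointer to the previous one. Nothing ever frees the old
   copies, so the number of live heap objects grows with argc and each one
   keeps caller-controlled bytes resident for the life of the process.
   Returns the number of allocations still alive once parsing is done. */
size_t parse_leaky(int argc, char **argv)
{
    struct opts o = { NULL };
    size_t plen = strlen(USER_PREFIX);

    live_allocs = 0;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], USER_PREFIX, plen) == 0)
            o.user = tracked_strdup(argv[i] + plen);  /* previous o.user lost */
    }
    size_t alive = live_allocs;
    tracked_free(o.user);   /* only the last copy is still reachable */
    return alive;
}

/* Fixed pattern: release the previous value before storing the new one, so
   at most one copy is alive no matter how often the option is repeated. */
size_t parse_fixed(int argc, char **argv)
{
    struct opts o = { NULL };
    size_t plen = strlen(USER_PREFIX);

    live_allocs = 0;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], USER_PREFIX, plen) == 0) {
            tracked_free(o.user);                     /* drop the old value */
            o.user = tracked_strdup(argv[i] + plen);
        }
    }
    size_t alive = live_allocs;
    tracked_free(o.user);
    return alive;
}

/* Constructed argv: the same option repeated four times. */
static char *sample_argv[] = {
    "prog", "--user=a", "--user=b", "--user=c", "--user=d", NULL
};
static const int sample_argc = 5;

size_t demo_leaky(void) { return parse_leaky(sample_argc, sample_argv); }
size_t demo_fixed(void) { return parse_fixed(sample_argc, sample_argv); }

int main(void)
{
    printf("live allocations after leaky parse: %zu\n", demo_leaky());  /* 4 */
    printf("live allocations after fixed parse: %zu\n", demo_fixed());  /* 1 */
    return 0;
}
```

With four repetitions the leaky parser leaves four copies alive and the fixed one leaves one; in a real binary the first count scales with the length of argv, which is why bounding the number of argument strings limits how much of the heap a caller can fill this way, while freeing the previous value removes the growth altogether.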