Date: Mon, 11 Sep 2000 09:52:32 -0700
From: Lionel Cons <Lionel.Cons@CERN.CH>
Subject: A new approach to the glibc bugs
To: BUGTRAQ@SECURITYFOCUS.COM

The two hot bugs in glibc (unsetenv and locale) have been discussed in great detail in this forum but I would like to describe now CERN's approach to this problem.

We wrote a kernel module (named envcheck) which intercepts the execve system call and sanitises the environment. At the cost of a marginal performance penalty, it has the following advantages over the glibc upgrade:

* it can log who is trying to exploit these glibc bugs
* it works with statically linked binaries
* it is transparent to applications that may be sensitive to a change of glibc (the first upgrade from Red Hat, quoting their advisory, "introduced some threading problems visible with JDK and Mozilla")
* it may partially protect libc5
* it could be used as a base to check further things before processes start: argument lengths, non-printable characters in the environment...

Don't get me wrong, the real fix is to use the new glibc and to get rid of the printf format bugs but our module can nicely be used in the meantime...

For more information, see http://home.cern.ch/cons/security/

________________________________________________________
Lionel Cons           http://home.cern.ch/~cons
CERN                  http://www.cern.ch

I disapprove of what you say, but I will defend to the death your right to say it. - Voltaire
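The post describes the idea (an execve hook that sanitises the environment and logs what it rejects) but not the module's code. The following is an added example, not envcheck's source and not CERN's code: a user-space C sketch of the kind of per-entry checks such a hook would apply to the envp array before a process starts. The limits (MAX_ENTRY_LEN), the list of locale variables, and the decision to keep the first occurrence of a duplicated name while dropping later ones are assumptions chosen for this example; a real module could equally refuse the whole execve. It also goes slightly beyond the post by naming the checks that map to the two bugs: a '%' in a locale variable (the locale format-string bug) and duplicated names (the unsetenv bug).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Policy limits: constructed values for this example, not envcheck's. */
#define MAX_ENTRY_LEN 1024

/* Why an entry was refused; ENV_OK means it passed every check. */
enum env_verdict {
    ENV_OK = 0,
    ENV_NO_EQUALS,   /* "FOO" with no '=' at all          */
    ENV_TOO_LONG,    /* entry longer than MAX_ENTRY_LEN   */
    ENV_NONPRINT,    /* control byte or 8-bit byte inside */
    ENV_LOCALE_FMT,  /* '%' inside a locale variable      */
    ENV_DUPLICATE    /* same NAME already accepted        */
};

/* Length of the NAME part of "NAME=value", or 0 if there is no '='. */
static size_t env_name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : 0;
}

static int same_name(const char *a, const char *b) {
    size_t la = env_name_len(a), lb = env_name_len(b);
    return la == lb && strncmp(a, b, la) == 0;
}

/* Variables glibc's locale code reads (assumed list for this example).
   A '%' in their value is what the locale format-string bug consumed,
   so it is treated as hostile rather than parsed. */
static int is_locale_var(const char *entry) {
    size_t n = env_name_len(entry);
    return (n == 4 && strncmp(entry, "LANG", 4) == 0)
        || (n == 8 && strncmp(entry, "LANGUAGE", 8) == 0)
        || (n == 7 && strncmp(entry, "NLSPATH", 7) == 0)
        || (n >= 3 && strncmp(entry, "LC_", 3) == 0);
}

/* Check one entry against the entries already accepted before it. */
enum env_verdict check_entry(const char *entry, const char *const *accepted, size_t naccepted) {
    size_t len = strlen(entry);
    if (env_name_len(entry) == 0) return ENV_NO_EQUALS;
    if (len > MAX_ENTRY_LEN) return ENV_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)entry[i];
        if (c < 0x20 || c > 0x7e) return ENV_NONPRINT;
    }
    if (is_locale_var(entry) && strchr(entry, '%')) return ENV_LOCALE_FMT;
    for (size_t i = 0; i < naccepted; i++)
        if (same_name(entry, accepted[i])) return ENV_DUPLICATE;
    return ENV_OK;
}

/* Log a rejected entry with every non-printable byte hex-escaped, so the
   hostile input cannot corrupt the log it is being recorded in. */
static void log_rejected(enum env_verdict why, const char *entry) {
    fprintf(stderr, "envcheck-demo: reason %d, entry: ", (int)why);
    for (const unsigned char *p = (const unsigned char *)entry; *p; p++)
        if (isprint(*p)) fputc(*p, stderr); else fprintf(stderr, "\\x%02x", *p);
    fputc('\n', stderr);
}

/* Copy accepted entry pointers into out[] (at most out_max), count rejections
   in *rejected, and return how many entries were accepted. */
size_t sanitise_env(const char *const *envp, const char **out, size_t out_max, size_t *rejected) {
    size_t n = 0;
    *rejected = 0;
    for (; *envp; envp++) {
        enum env_verdict v = check_entry(*envp, out, n);
        if (v != ENV_OK) { (*rejected)++; log_rejected(v, *envp); continue; }
        if (n == out_max) break;        /* out of room: stop rather than drop silently */
        out[n++] = *envp;
    }
    return n;
}

int main(void) {
    /* Constructed environment: two sane entries, then one entry per failure mode. */
    const char *envp[] = { "HOME=/home/user", "PATH=/bin", "LANG=%n%n%n",
                           "HOME=/tmp", "TERM=\tvt100", "NOEQUALS", NULL };
    const char *out[8];
    size_t rejected;
    size_t kept = sanitise_env(envp, out, 8, &rejected);
    printf("kept %zu, rejected %zu\n", kept, rejected);
    for (size_t i = 0; i < kept; i++) printf("  %s\n", out[i]);
    return 0;
}
```

In a real execve hook the same checks would run on the copied-in envp before the new image is built, and the log line would carry the calling uid and pid, which is the "who is trying to exploit" information the post mentions.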