Re: Android port
From: Bruno Haible
Subject: Re: Android port
Date: Sun, 06 Aug 2023 14:26:28 +0200

[Redirecting to bug-gnulib. This discussion has nothing to do with Emacs any
more.]

I wrote:
> > Rationale: I cannot guarantee that Gnulib will be able to support %n
> > in the long run. The "security-aware community" are filing CVEs here and
> > there; %n is among their targets (it has already been disabled from libc
> > on Ubuntu, macOS, and MSVC); and I don't know when they will discover
> > that Gnulib still enables it.

Po Lu wrote:
> Then Gnulib should disregard their whims and move on. If a program
> employs %n incorrectly, and that exposes a security vulnerability as a
> result, the fault lies with the authors of said program rather than
> Gnulib.

It's not as simple as you think.

1) It's a security problem if a program's binary (+ associated shared libraries)
   somewhere implements a printf with %n, even without actively using it.
   Because an attacker can piece together a format string in memory and call
   that printf function; this then gives them the ability to write an arbitrary
   value into an arbitrary memory location.

2) Whether the fault lies in the program or in Gnulib is irrelevant. The
   distros attempt to handle a CVE in the simplest way possible. If this means
   dropping the program from the distro, that is what they do.

Bruno
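
As an added illustration of the %n directive discussed in this message (not code from the message, Gnulib, or any libc), the following C function audits a format string for a `%n` conversion in any of its spellings before the string is handed to a printf-family call. The names `format_has_percent_n`, `skip_digits` and `skip_field` are hypothetical, and the accepted flag and length-modifier characters are an assumption based on the C and POSIX printf grammar plus common glibc extensions.

```c
#include <ctype.h>
#include <string.h>

/* Skip a run of decimal digits, returning the position after it. */
static const char *skip_digits(const char *p)
{
    while (isdigit((unsigned char)*p))
        p++;
    return p;
}

/* Skip a width or precision field: digits, "*", or POSIX "*m$". */
static const char *skip_field(const char *p)
{
    if (*p != '*')
        return skip_digits(p);
    const char *q = skip_digits(p + 1);
    return (q > p + 1 && *q == '$') ? q + 1 : p + 1;
}

/* Return 1 if fmt contains a %n conversion in any spelling
   (%n, %hhn, %ln, %2$n, ...), 0 otherwise. "%%n" is a literal
   percent sign followed by the letter n, not a conversion. */
int format_has_percent_n(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') { p++; continue; }   /* escaped percent sign */
        const char *q = skip_digits(p);     /* optional "m$" argument index */
        if (q > p && *q == '$')
            p = q + 1;
        p += strspn(p, "-+ #0'I");          /* flags (' and I are extensions) */
        p = skip_field(p);                  /* width */
        if (*p == '.')
            p = skip_field(p + 1);          /* precision */
        p += strspn(p, "hlLqjzt");          /* length modifiers */
        if (*p == 'n')
            return 1;                       /* store-count conversion found */
        if (*p == '\0')
            break;                          /* truncated directive at end */
        p++;                                /* some other conversion */
    }
    return 0;
}
```

A check like this only covers format strings the program itself passes along; it says nothing about whether the printf implementation linked into the binary still accepts %n.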