bug-gnulib

Re: Android port


From: Bruno Haible
Subject: Re: Android port
Date: Sun, 06 Aug 2023 14:26:28 +0200

[Redirecting to bug-gnulib. This discussion has nothing to do with Emacs any 
more.]
I wrote:
> > Rationale: I cannot guarantee that Gnulib will be able to support %n
> > in the long run. The "security-aware community" are filing CVEs here and
> > there; %n is among their targets (it has already been disabled from libc
> > on Ubuntu, macOS, and MSVC); and I don't know when they will discover
> > that Gnulib still enables it.

Po Lu wrote:
> Then Gnulib should disregard their whims and move on.  If a program
> employs %n incorrectly, and that exposes a security vulnerability as a
> result, the fault lies with the authors of said program rather than
> Gnulib.

It's not as simple as you think.

1) It's a security problem if a program's binary (+ associated shared libraries)
   somewhere implements a printf with %n, even without actively using it.
   Because an attacker can piece together a format string in memory and call
   that printf function; this then gives them the ability to write an arbitrary
   value into an arbitrary memory location.

2) Whether the fault lies in the program or in Gnulib is irrelevant. The
   distros attempt to handle a CVE in the simplest way possible. If this means
   dropping the program from the distro, that is what they do.

Bruno
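
An added example, not part of the original message and not Gnulib code: a C helper for auditing printf-style format strings for a %n conversion, including forms such as %hhn and %1$n. The function names and sample strings are constructed for illustration; the scanner is deliberately loose about malformed directives.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if c is non-NUL and occurs in set (strchr alone would match the NUL). */
static bool in_set(char c, const char *set)
{
    return c != '\0' && strchr(set, c) != NULL;
}

/* Report whether a printf-style format string contains a %n conversion. */
bool fmt_has_n_directive(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                          /* first character after '%' */
        if (*p == '%') {              /* "%%" prints a literal percent sign */
            p++;
            continue;
        }
        /* Skip positional index, flags, width, precision: "1$", "-08", "*", ".3". */
        while (in_set(*p, "0123456789$-+ #'I*."))
            p++;
        /* Skip length modifiers so that %hhn, %ln, %zn are not missed. */
        while (in_set(*p, "hlLqjzt"))
            p++;
        if (*p == 'n')
            return true;
        if (*p == '\0')               /* truncated directive at end of string */
            break;
        p++;                          /* step past the conversion character */
    }
    return false;
}

int main(void)
{
    /* Constructed sample format strings. */
    const char *samples[] = { "%d items%n", "%1$hhn", "100%% done, %s\n", "%%n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               fmt_has_n_directive(samples[i]) ? "contains %n" : "no %n");
    return 0;
}
```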






