From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-4.1 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,PDS_RDNS_DYNAMIC_FP,RCVD_IN_DNSWL_MED, RDNS_DYNAMIC,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 5918A1F8C6 for ; Mon, 12 Jul 2021 10:13:04 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 67B63383540B for ; Mon, 12 Jul 2021 10:13:03 +0000 (GMT) Received: from insect.birch.relay.mailchannels.net (insect.birch.relay.mailchannels.net [23.83.209.93]) by sourceware.org (Postfix) with ESMTPS id 9337F384F006 for ; Mon, 12 Jul 2021 10:12:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9337F384F006 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id B0E95342B6A; Mon, 12 Jul 2021 10:12:49 +0000 (UTC) Received: from pdx1-sub0-mail-a70.g.dreamhost.com (100-96-16-89.trex-nlb.outbound.svc.cluster.local [100.96.16.89]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 4E1B1342A55; Mon, 12 Jul 2021 10:12:49 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a70.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.16.89 (trex/6.3.3); Mon, 12 Jul 2021 10:12:49 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Keen-Shoe: 07381daa7a71d001_1626084769540_961514751 X-MC-Loop-Signature: 1626084769540:2103996813 X-MC-Ingress-Time: 1626084769540 Received: from pdx1-sub0-mail-a70.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a70.g.dreamhost.com (Postfix) with ESMTP id E3A3188688; Mon, 12 Jul 2021 03:12:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gotplt.org; h=subject:to :cc:references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=gotplt.org; bh=hg7uOi Tg0AhSHssB8vojHtt8Qzw=; b=o2+IXM1D/o0GStEc5nfugDiZWT4C1R8cQUvV+j w19F1nsCCxdtiybTPMasb0Kaz+60W3mR3d+wUdZOABSbQgtDYBDbkWpF8x4RpbNB JHDyzZ/pwSBtUDK1rvZUtfSjPQbB57L+pZK0wRXlXaku629igYj4wq2zwATYHUsN O2pqw= Received: from [192.168.1.139] (unknown [1.186.101.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a70.g.dreamhost.com (Postfix) with ESMTPSA id 35F6D879D2; Mon, 12 Jul 2021 03:12:46 -0700 (PDT) Subject: Re: Security implications of debugging features To: Florian Weimer References: <4d9d675f-cffa-4a5f-0af2-3be56532ce67@gotplt.org> <87lf6bdf33.fsf@oldenburg.str.redhat.com> X-DH-BACKEND: pdx1-sub0-mail-a70 From: Siddhesh Poyarekar Message-ID: <746d3148-7ea3-d204-6e76-6f1c2092643a@gotplt.org> Date: Mon, 12 Jul 2021 15:42:41 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: <87lf6bdf33.fsf@oldenburg.str.redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: libc-alpha@sourceware.org Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" On 7/12/21 3:33 PM, Florian Weimer wrote: >> ~~~~~~~~~~ >> Debugging features >> >> glibc comes with a number of debugging features that allow developers >> to isolate root causes of problems. Bugs in debugging features that >> are enabled by explicitly compiling applications or glibc to use them >> are not considered security vulnerabilities and will be treated as >> regular bugs. Examples of such features are mcheck and mtrace, which >> allow debugging and tracing of glibc malloc functions. >> >> Bugs in debugging features that are enabled by exporting an >> environment variable in the environment of a program may for now be >> considered security issues in a local context. >> ~~~~~~~~~~ > > I don't understand the second paragraph. What I intend to convey is that bugs in debugging features won't be considered remotely exploitable. > I think we need to talk about AT_SECURE (SUID) mode in this context. Could you elaborate on what you'd like mentioned? Would you like a note that the dynamic linker wipes out debugging options when running setuid binaries? It seems like a security claim (there could well be a bug in there that negates it) and hence not suitable for this text. Siddhesh