From: Florian Weimer via Libc-alpha
Reply-To: Florian Weimer
To: Siddhesh Poyarekar
Cc: libc-alpha@sourceware.org
Subject: Re: Security implications of debugging features
Date: Mon, 12 Jul 2021 12:16:47 +0200
Message-ID: <87h7gzdegg.fsf@oldenburg.str.redhat.com>
In-Reply-To: <746d3148-7ea3-d204-6e76-6f1c2092643a@gotplt.org>

* Siddhesh Poyarekar:

> On 7/12/21 3:33 PM, Florian Weimer wrote:
>>> ~~~~~~~~~~
>>> Debugging features
>>>
>>> glibc comes with a number of debugging features that allow developers
>>> to isolate root causes of problems. Bugs in debugging features that
>>> are enabled by explicitly compiling applications or glibc to use them
>>> are not considered security vulnerabilities and will be treated as
>>> regular bugs. Examples of such features are mcheck and mtrace, which
>>> allow debugging and tracing of glibc malloc functions.
>>>
>>> Bugs in debugging features that are enabled by exporting an
>>> environment variable in the environment of a program may for now be
>>> considered security issues in a local context.
>>> ~~~~~~~~~~
>> I don't understand the second paragraph.
>
> What I intend to convey is that bugs in debugging features won't be
> considered remotely exploitable.

I think it's not remote vs local. It's about whether a trust boundary
is crossed. This happens only for AT_SECURE invocations.

>> I think we need to talk about AT_SECURE (SUID) mode in this context.
>
> Could you elaborate on what you'd like mentioned? Would you like a
> note that the dynamic linker wipes out debugging options when running
> setuid binaries? It seems like a security claim (there could well be
> a bug in there that negates it) and hence not suitable for this text.

Those are debugging features, too, and we will treat them as security
bugs. So the exception should not cover them.

Thanks,
Florian
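
The trust-boundary gate discussed in this message, as an added C example that is not part of the original e-mail and is not glibc's code: environment-supplied debugging variables are dropped only when the kernel reports AT_SECURE for the process. The function names and the three-variable list are assumptions made for this example; glibc's own list is longer.

```c
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (Linux) */

extern char **environ;

/* Sample of environment-driven debugging switches, chosen for this
   example; it is not glibc's full list. */
static const char *const debug_vars[] = {
    "LD_DEBUG", "LD_DEBUG_OUTPUT", "MALLOC_TRACE",
};

/* Does the entry "NAME=value" set exactly the variable `name`? */
static int entry_sets(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Remove the debugging variables from a NULL-terminated envp array, in
   place, but only when at_secure is nonzero, i.e. the process was
   started across a trust boundary. Returns the number removed. */
int scrub_debug_env(char **envp, unsigned long at_secure)
{
    int removed = 0;
    char **out = envp;
    if (at_secure == 0)
        return 0;   /* caller and program share a trust domain */
    for (char **in = envp; *in != NULL; in++) {
        int drop = 0;
        for (size_t i = 0; i < sizeof debug_vars / sizeof debug_vars[0]; i++)
            if (entry_sets(*in, debug_vars[i]))
                drop = 1;
        if (drop)
            removed++;
        else
            *out++ = *in;   /* keep the entry, compacting the array */
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    unsigned long at_secure = getauxval(AT_SECURE); /* set by the kernel */
    printf("AT_SECURE=%lu, removed %d variable(s)\n",
           at_secure, scrub_debug_env(environ, at_secure));
    return 0;
}
```

Run as an ordinary user the program reports AT_SECURE=0 and removes nothing; the nonzero path is exercised by passing a constructed envp array and a nonzero second argument.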