This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: CVE-2009-4273 for stap 1.0?


On Thu, Jan 28, 2010 at 11:47:35AM -0500, Dave Brolley wrote:
> Hi Tony,
> 
> RHEL55 will soon rebase to systemtap 1.1 which contains the fix, so
> there are currently no plans to backport the fix to 1.0.
> 
> If you need to backport to 1.0, I would be happy to help with any
> problems you may encounter. To help get you started, I've attached a
> list of the changes needed to complete the fix.
> 
> Please use the public mailing list (systemtap@sources.redhat.com)
> for any further questions.

As part of verifying the backport I tried initially to reproduce the problem
in the un-fixed code based on the "horror cases" mentioned at:
http://sourceware.org/bugzilla/show_bug.cgi?id=11105#c1

I tried various forms based off of the "stap-client -D 'asdf ; ls /etc' ..."
case but I guess I'm not understanding the side-effects. I assumed the above
would result in some form of extraneous output at the client side?

I guess I'd welcome some concrete examples that demonstrate the exploit if
you have a spare couple of minutes. Either on or off-list is fine.

Thanks
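As an added illustration, not code from this thread or from systemtap itself, the following is the kind of input check a server-side component can apply to `-D` values before they are placed on a command line: the "horror case" quoted above only works if the value is handed to a shell unvalidated. The accepted `NAME[=VALUE]` shape, the value character set and the `build_server_argv` helper are assumptions for the example, not systemtap's actual 1.1 fix.

```python
import re
import shlex

# Hypothetical rule: a -D argument must look like a C preprocessor macro
# definition, NAME or NAME=VALUE, with a deliberately narrow value charset.
# Anything containing shell metacharacters (';', '|', '$', quotes, spaces, ...)
# fails this pattern and is rejected before it can reach a command line.
_DEFINE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(=[A-Za-z0-9_./+-]*)?$")


def is_safe_define(arg: str) -> bool:
    """True if ARG is NAME or NAME=VALUE containing no shell metacharacters."""
    return _DEFINE_RE.fullmatch(arg) is not None


def build_server_argv(script: str, defines: list[str]) -> list[str]:
    """Assemble the argument vector a server would exec (hypothetical helper).

    The result is an argv list, never a single shell string, so even a value
    that slipped past the check would be one argument, not a command separator.
    """
    argv = ["stap"]
    for d in defines:
        if not is_safe_define(d):
            raise ValueError(f"rejected -D argument: {d!r}")
        argv += ["-D", d]
    argv.append(script)
    return argv


def loggable_command(script: str, defines: list[str]) -> str:
    """Quoted form of the argv for audit logs; safe to print, not meant to be run."""
    return shlex.join(build_server_argv(script, defines))


if __name__ == "__main__":
    # Constructed sample inputs: one benign define, one shaped like the
    # bugzilla "horror case" from the quoted message.
    print(loggable_command("hello.stp", ["MAXACTION=1000"]))
    try:
        build_server_argv("hello.stp", ["asdf ; ls /etc"])
    except ValueError as e:
        print("blocked:", e)
```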

