Natanael Copa wrote:
> On Mon, 2009-09-28 at 14:27 +0200, ADNET Ghislain wrote:
>
>
>> I think:
>>
>> Use dietlibc: no (you have been warned)
>>
>> is B.A.D you should use dietlibc for vserver utils, at least if not "you have been warned" :)
>>
>
> IIRC that was because glibc will pull in libs dynamically, even if linked
> statically. I don't think uclibc has this problem so I don't see any
> point in building dietlibc.
>
> I actually tried to build dietlibc but it looks like I'd have to disable
> SSP then.
>
> Does anyone have an exploit/proof-of-concept testcase I could try?
>
On Gentoo I recently posted some results with a very recent
vserver-tools and basically nearly all tools segfaulted quite quickly if
I built dietlibc using gcc 3.4.6 hardened (obviously you are using
something slightly different, but...)
However, there is some possibility this is actually due to some "fault"
in the dietlibc/vserver-utils of course, which is simply not picked up
without compiling with SSP... I didn't try under valgrind to try and
catch things and I guess we really need Daniel to offer better insight?
Good luck
Ed W
Received on Tue Sep 29 13:24:18 2009