Issue of “System-based mitigation - LD_PRELOAD”

2014-09-30 Klaus Ma

Original link: http://www.k8s.tips/tech/2014/09/30/Issue-of-System-based-mitigation-LD_PRELOAD/


In "Mitigating the shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169)", Red Hat provides a system-based mitigation using LD_PRELOAD, but it has an issue: with the library preloaded, running /lib64/libc.so.6 generates a core dump.

Steps:

Compile the patch from bash_ld_preload.c:

$ gcc bash_ld_preload.c -fPIC -shared -Wl,-soname,bash_ld_preload.so.1 -o bash_ld_preload.so

Apply the patch to the current terminal:

LD_PRELOAD=/home/dma/bash_ld_preload.so
export LD_PRELOAD

Segmentation fault when running /lib64/libc.so.6:

[dma@bjr610-04 ~]$ setenv LD_PRELOAD /home/dma/bash_ld_preload.so
[dma@bjr610-04 ~]$ /lib64/libc.so.6
Segmentation fault
[dma@bjr610-04 ~]$ ls
bash_ld_preload.c  bash_ld_preload.so  bigdata  build_cscope_db.sh  core.11613  flexlm  include  jazz  lib  pcc  software  vem_ext  workspace
[dma@bjr610-04 ~]$ file core.11613
core.11613: ELF 64-bit LSB core file AMD x86-64, version 1 (SYSV), SVR4-style, from 'libc.so.6'
[dma@bjr610-04 ~]$
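
For context on what a preload-based mitigation of this kind does inside every process, here is an added sketch; it is not Red Hat's bash_ld_preload.c and not code from the original post. The names scrub_env and scrub_on_load are hypothetical, and the NULL guard is a defensive assumption, not a diagnosis of the crash shown above.

```c
/* Added sketch, not Red Hat's bash_ld_preload.c: neutralise exported
 * bash function definitions before the host program's main() runs. */
#include <stddef.h>
#include <string.h>

extern char **environ;

/* Prefix that unpatched bash treats as an exported function definition. */
static const char FUNC_MARKER[] = "() {";

/* Truncate every "NAME=() {..." entry in envp to "NAME=".
 * Returns the number of entries changed. Tolerates a NULL envp
 * (assumption: a constructor cannot rely on the environment pointer
 * being set up in every process it is loaded into). */
size_t scrub_env(char **envp)
{
    size_t changed = 0;

    if (envp == NULL)
        return 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        char *eq = strchr(envp[i], '=');
        if (eq == NULL)
            continue;                 /* malformed entry with no value */
        if (strncmp(eq + 1, FUNC_MARKER, sizeof FUNC_MARKER - 1) == 0) {
            eq[1] = '\0';             /* keep the name, drop the body */
            changed++;
        }
    }
    return changed;
}

/* Runs at load time in every process that has this object preloaded,
 * which is why a fault here affects unrelated programs. */
__attribute__((constructor))
static void scrub_on_load(void)
{
    scrub_env(environ);
}
```

Saved as a .c file, it builds as a shared object with the same gcc -fPIC -shared invocation used in the compile step above.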

Options: