[PATCH libXdmcp] Use getrandom() syscall if available

Alan Coopersmith alan.coopersmith at oracle.com
Mon Apr 3 15:59:49 UTC 2017


On 04/ 3/17 08:52 AM, Benjamin Tissoires wrote:
> On Mon, Apr 3, 2017 at 4:02 PM, Alan Coopersmith
> <alan.coopersmith at oracle.com> wrote:
>> On 04/ 3/17 05:52 AM, Benjamin Tissoires wrote:
>>>
>>> This allows to fix CVE-2017-2625 on Linux platforms without pulling in
>>> libbsd.
>>> The syscall getrandom is available since kernel v3.17. The code first
>>> tries to use the syscall on a supported kernel. If the syscall fails,
>>> it falls back to the current (vulnerable) code.
>>> We do not implement the glibc getrandom() call given that it's only
>>> available in glibc 2.25, and the #if dance is already messy here.
>>>
>>> Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>
>>
>>
>> This is dangerous - Solaris <sys/syscall.h> defines SYS_getrandom, but
>> I don't know if our syscall arguments/semantics are the same, and we
>> only support applications calling the libc getrandom() function, not the
>> raw syscall.
>
> I see. In that case, would it help to use unconditionally the libc
> getrandom() function, and in case it's not there, provide a stub for
> it through the syscall or other emulation layer?

This is a question that only makes sense on Linux - as far as I know
every other platform always has matching libc & kernels, so won't have
the syscall without the libc support.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg-devel mailing list