Fix for CVE-2022-1117
The build script makes an assumption about how glibc names its runtime linker.
This worked fine until glibc-2.34. Starting with that, the naming
convention changed from /usr/lib64/ld-2.*.so to /lib64/ld-linux-x86-64.so.2
The upshot of this is the build script misdetects the run time linker
and this causes the ld_so pattern matcher to not work correctly.
Additionally, non-x86_64 platforms may not have followed the ld-2.*.so
pattern and were misdetected prior to glibc-2.34.

Would like to thank NCCGroup for reporting this problem.
stevegrubb committed May 24, 2022
1 parent 7ebe884 commit 38a9426
Showing 2 changed files with 14 additions and 2 deletions.
10 changes: 9 additions & 1 deletion fapolicyd.spec
Expand Up @@ -30,7 +30,15 @@ makes use of the kernel's fanotify interface to determine file access rights.
# generate rules for python
sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules
sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules
sed -i "s/%ld_so_path%/`find /usr/lib64/ -type f -name 'ld-2\.*.so' | sed 's/\//\\\\\//g'`/g" rules.d/*.rules

# Detect run time linker directly from bash
interpret=`readelf -e /usr/bin/bash \
| grep Requesting \
| sed 's/.$//' \
| rev | cut -d" " -f1 \
| rev`

sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules

%build
%configure \
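Review bot: In the new %ld_so_path% substitution, nothing checks that `interpret` is non-empty or resolves to a regular file before it is written into rules.d/*.rules. If readelf is missing, /usr/bin/bash is absent, or the grep matches nothing, `realpath $interpret` runs with no operand and prints nothing to stdout, so sed replaces %ld_so_path% with an empty string and the package still builds with an ld_so pattern that matches nothing, which is the same silent misdetection this commit sets out to fix. Suggest quoting the variable and failing the build when detection fails, for example `test -f "$interpret" || exit 1` before the sed, mirroring the `test ! -f "$xpath"` guard in m4/dyn_linker.m4.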
6 changes: 5 additions & 1 deletion m4/dyn_linker.m4
@@ -1,6 +1,10 @@
AC_DEFUN([LD_SO_PATH],
[
xpath=`realpath /usr/lib64/ld-2.*.so`
xpath1=`readelf -e /usr/bin/bash | grep Requesting | sed 's/.$//' | rev | cut -d" " -f1 | rev`
xpath=`realpath $xpath1`
if test ! -f "$xpath" ; then
AC_MSG_ERROR([Cant find the dynamic linker])
fi
echo "dynamic linker is.....$xpath"
AC_DEFINE_UNQUOTED(SYSTEM_LD_SO, ["$xpath"], [dynamic linker])
])
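Review bot: The `grep Requesting` step in the xpath1 pipeline matches readelf's human-readable output, so detection depends on that exact wording; running it as `LC_ALL=C readelf -l /usr/bin/bash` would pin the text and restrict the output to the program headers where the interpreter line appears. `$xpath1` should be quoted in `realpath $xpath1`. The `test ! -f "$xpath"` guard correctly turns a failed detection into a configure error, but the message would be more actionable if it named /usr/bin/bash as the file that was probed, and "Cant" is missing its apostrophe. The same pipeline is duplicated in fapolicyd.spec, so a later fix to one copy can leave the other stale; a comment in each pointing at the other would help.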
