Slashdot Mirror


Project Zero Exploits 'Unexploitable' Glibc Bug

NotInHere (3654617) writes with news that Google's Project Zero has been busy at work. A month ago they reported an off-by-one error in glibc that would overwrite a word on the heap with NUL and were met with skepticism at its ability to be used in an attack. Google's 'Project Zero' devised an exploit of the out-of-bounds NUL write in glibc to gain root access using the setuid binary pkexec in order to convince skeptical glibc developers. 44 days after being reported, the bug has been fixed. They even managed to defeat address space randomization on 32-bit platforms by tweaking ulimits. 64-bit systems should remain safe if they are using address space randomization.
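The bug class in the summary, an off-by-one that drops a single NUL byte just past the end of a buffer, is easy to miss in review because the copy itself stays in bounds and only the terminator spills. The following C program is an added example (not glibc's code and not Project Zero's exploit): it shows the buggy copy beside the fixed one and makes the stray byte visible by placing a second field directly after the first inside one allocation, so the NUL lands in the neighbour's first byte. The names `copy_field_buggy`, `copy_field_fixed`, `neighbour_first_byte`, `CAP` and the "ABCDEFGH" input are all constructed for this demonstration; in the glibc case the adjacent bytes belonged to other heap data, which is what made the write exploitable rather than merely corrupting.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Added example, not glibc code. Assumption: a record field with room for
 * CAP characters sits directly before a neighbouring field in the same
 * allocation; "record" and "neighbour" are hypothetical names. */
#define CAP 8

/* Vulnerable on purpose: copies up to CAP characters, then unconditionally
 * writes the terminator at dst[n]. When strlen(src) == CAP that terminator
 * lands one byte past the field, in whatever happens to be adjacent. */
static void copy_field_buggy(char *dst, const char *src)
{
    size_t n = strlen(src);
    if (n > CAP)          /* guards n > CAP only; n == CAP slips through */
        n = CAP;
    memcpy(dst, src, n);
    dst[n] = '\0';        /* off-by-one NUL write when n == CAP */
}

/* Fixed: the terminator must fit inside the CAP bytes, so at most CAP-1
 * characters are copied. Returns 1 when src fit, 0 when it was truncated,
 * so a caller that cannot accept truncation can reject the input instead. */
static int copy_field_fixed(char *dst, const char *src)
{
    size_t n = strlen(src);
    int fits = n < CAP;
    if (!fits)
        n = CAP - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return fits;
}

/* Runs one copy into a 2*CAP arena whose neighbour field starts at
 * arena + CAP, and returns the neighbour's first byte afterwards:
 * 'Z' if it survived, 0 if the stray NUL truncated it. Every write stays
 * inside the arena, so the effect is well defined and reproducible. */
static int neighbour_first_byte(int use_fixed, const char *src)
{
    char arena[2 * CAP];
    char *record = arena;
    char *neighbour = arena + CAP;
    memset(neighbour, 'Z', CAP - 1);
    neighbour[CAP - 1] = '\0';
    if (use_fixed)
        copy_field_fixed(record, src);
    else
        copy_field_buggy(record, src);
    return (unsigned char)neighbour[0];
}

int main(void)
{
    const char *exact = "ABCDEFGH";   /* constructed input: exactly CAP chars */
    printf("buggy: neighbour[0] = 0x%02x\n", neighbour_first_byte(0, exact));
    printf("fixed: neighbour[0] = 0x%02x\n", neighbour_first_byte(1, exact));
    return 0;
}
```

The check worth carrying away is the boundary condition: a length guard written as `n > CAP` leaves the `n == CAP` case to write one byte past the field, and a single zero byte in the wrong place is enough for the kind of heap corruption the summary describes. Sanitizers only flag this when the spill crosses an allocation boundary, so the review question to ask of every `dst[n] = '\0'` is whether `n` can equal the field size.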

10 of 98 comments

  1. Re: microsofties here is your chance to party by AvitarX · · Score: 5, Insightful

    Actually, I find the arrogance of calling an obvious bug "unexploitable" disturbing.

    Most ARM is 32 bit...

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  2. Re: microsofties here is your chance to party by Anonymous Coward · · Score: 1, Insightful

    The word you're looking for is 'skeptical', and then they went and fixed it when they were proven wrong. This is actually the opposite of arrogant.

  3. Honestly, when will people learn? by Anonymous Coward · · Score: 5, Insightful

    Never say never.

    Unexploitable? Srsly? GAC.

    An acquaintance recently posted "Six Stages of Debugging" on his g+ page. (1. That can't happen, 2. That doesn't happen on my machine, 3. That shouldn't happen, 4. Why does that happen? 5. Oh, I see, and 6. How did that ever work). Doesn't an software dev who has been working for more than about three years go straight to No. 4?

    The things they don't teach you in a CS degree.

    1. Re:Honestly, when will people learn? by Narcocide · · Score: 4, Insightful

      This is seriously shit your CS 100 or 200-level teacher SHOULD have taught you, if you got a CS degree. I think it may depend largely upon where/when you got your degree though. They're only all the same on paper.

    2. Re:Honestly, when will people learn? by JazzXP · · Score: 3, Insightful

      Yes, but according to your clients, it's still your fault.

    3. Re:Honestly, when will people learn? by Anubis+IV · · Score: 3, Insightful

      Sure, which is why you have proper logging that allows you to point them in the right direction. At least a few times a year, I have to advise users to get in touch with their IT department to fix their corrupted Arial font file or some other such nonsense since it's causing problems for our app (and probably a number of others as well). Where the fault lies is a tangential discussion, however. What matters here is that Step 2 is actually valuable at times, since it can assist you in answering #4 by narrowing down the possible causes.

    4. Re:Honestly, when will people learn? by Anonymous Coward · · Score: 2, Insightful

      The things they don't teach you in a CS degree.
      Actually they *do* teach you that in a CS degree, and also how to fix it. FTFY. Also, they don't put the word 'an' before a word beginning with a consonant.

  4. Re: microsofties here is your chance to party by Ralph+Wiggam · · Score: 2, Insightful

    The first part is arrogance. The second part is pragmatic humility.

  5. Re: microsofties here is your chance to party by phantomfive · · Score: 3, Insightful

    The word you're looking for is 'skeptical', and then they went and fixed it when they were proven wrong. This is actually the opposite of arrogant.

    They should have fixed the bug as soon as they realized it was there, and not waited until someone proved it was an especially bad bug.

    --
    "First they came for the slanderers and i said nothing."
  6. Re:microsofties here is your chance to party by Sun · · Score: 4, Insightful

    No.

    Off-by-ones are much easier to fix than to prove safe. The number of bugs called "unexploitable" until an exploit was provided is staggering. No mildly security-aware person will avoid fixing a buffer overflow because it is unexploitable.

    Shachar