Glibc Dynamic Loader Hit by a Nasty Local Privilege Escalation Vulnerability

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • llvm-project

    The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

    The fact that they haven't rewritten glibc's string parsing wouldn't make their criticism wrong.

    If all of glibc had been written in assembly for every single target triplet, one wouldn't be wrong to point out that there was no benefit to doing that instead of writing it in C, and that it probably took more work and was more error-prone, even if they weren't willing to help port said code to C.

    Just the same, they could have written this in C++.

    Much of LLVM's libc is written in C++ with exposed C bindings (or all, I haven't checked 100%). For example, their libc stdio implementation is completely in C++.

    https://github.com/llvm/llvm-project/tree/main/libc/src/stdi...

    You could say the same thing about Rust and Relibc, but it seems much less likely that a C project would incorporate Rust than that it would incorporate C++.

  • eyra

    Rust programs written entirely in Rust

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • c-ward

    An implementation of libc written in Rust

  • heap-exploitation

    This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.

    Not in a HN news comment, I don't have that level of dedication to this because its definitely non trivial. However you can read about them in use against the glibc allocator are here: https://github.com/DhavalKapil/heap-exploitation/blob/master...

    The "house of" attack method are attacks against the allocator, its been a while since I've looked into it, I hope musl have hardened their allocator against this kind of attacks.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts