From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 4381 invoked from network); 5 Sep 2021 17:40:04 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 5 Sep 2021 17:40:04 -0000 Received: (qmail 30122 invoked by uid 550); 5 Sep 2021 17:40:02 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 30104 invoked from network); 5 Sep 2021 17:40:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1630863590; bh=+RRpF9FXc4iJo3CkWTeJUnck9UKVE0mWTW6VI99NHLs=; h=X-UI-Sender-Class:Date:From:To:Subject:References:In-Reply-To; b=gapvh7bxqbThU2YEbUSqbwISy5l6d95/oHrJt0frz/MNneLfobc73R8yZvkD4GRaA BMvYEBWlcYQFMPh4xY694PYnyBayBSX8F+1ltEZeA5DzSKPO2vWOtHV3VPAobYaxe5 llut8JTgIg42uMP28v9aX/G+xqR07LJb3XRUbTww= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Date: Sun, 5 Sep 2021 19:39:49 +0200 From: Markus Wichmann To: musl@lists.openwall.com Message-ID: <20210905173949.GE3090@voyager> References: <2R2YR9WZKQ66Q.2ITJ44PGSICVN@8pit.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2R2YR9WZKQ66Q.2ITJ44PGSICVN@8pit.net> User-Agent: Mutt/1.9.4 (2018-02-28) X-Provags-ID: V03:K1:Hu3lywyOD/0VsDuzLeH7EFPsrW2mFTjoWwCtAGY8OKiSZf28s2U WXO7SjFs/3h47GM9/tVVitN3uODfYRIMPnSt5J+6n0axWr0SRTxK5UwSvVUKT+zutebJkfi oKX+7wq7vG3oGMP/ZYnCWX5H8b3tBVpgjptNr8Ov8bWBOHP6pPxAgMfimASoIfaDjJ9hTll QizIVVvwvV+8KguuxfaRg== X-UI-Out-Filterresults: notjunk:1;V03:K0:IYG3H7m/JCM=:45jrAAw+PYXUWR6eyJMKr4 rOv2dUYw4BZqAeC4g5PqFaMGZapvxXeI8wnowMRzbcZAKtqef3lByGDEk5pPSU8C7SSUGSY6A QfdmlwjP3IrF7rL/EnFCn2hzxq1YqK/mtFVVkuoZV97lw8Q73HLG2vGKNXPhSdXnM6C2NfDtE 7r1IloZCfS53FYYCf+ZdTZ73PAIgjEYAg9SJ5vK0RFyLob7iBsiRHZ6V10yz+TWXPRBwp/Lg4 wEJcpJwYnta//eVS4Ti9JyIKehYEy1EyUjqifrh8HXei6hWvkO0RrixaicWcb0S4mWPeowZT7 rZaitfDBtg3v+qv5kvdZMOQieG5qfAZByyHY1KgZoEFqZq9q+OzmF46ascdm1nGL2VhUZ2qHy mzCR2DlXwaaCucguWu3wWTuaaJyqNpLPYnZb9UqJ35dpV3n1WZ0DqUXfNB9eq6dCqPLXLCP66 Bjc9iGBiMAXukhJni6S8NfiR7RrQ4m3L1KU+pOdIZjDxwm0wp5Pf90nz2oUjAUk2Gsa3Odg3l VPQMup3oftmwPxm/x6xRbPcyFmAiICXrE1GuihcK7nuuj7PBTKMUIi4GqIraqZCkD6HOIszqp dUQwTh0Cbr33xO4gK3IKpXG5Wwybrl/ZvairNQC2PkRliRkiO4Iv9ojiC4773Vsa+HAhNcQ4o e+wXRFYLmhgePEXALCeK3fRve5WZtwOMNfn1cVKRatSptzEzRgLxLGW5ZUJJ6JyMgD8LXWtcZ /41X/dFFD0SCxpeMuqDoEWGxYPyCUWGTPRvZ0oEu5f1uww0JFsQZGZ0jZo3kcAOuRjjjnX1sX ++OX90ksHyVzZTD8Voyf3t0ScrgyGiVI7dN4tyIyOB0LTJV9plk8s14Fz9Zkj923kWAQ6OqaD FU+5AfHscVCBTQPZBfDC6hHwZI8D+f9N15FE32a43rrrlFHPexiTPDIE5Ucn2Ky6KE1t5rxN8 Rc3L8jPlaMRhJYbt0fsVd9eOox1T7lTDlTci08FyZ3cooRrMETDOw57ySm4DpoLLg/QmoaIUk dxQH5TY2cMCeNya7R7i/GVxiZR1enatJBsyRKX8rhugaAkZ50ribhBUL6p6IInNQ6aaSclK+k rdJ//sNLgv/mHbP363L5b+lFP9TvZnMns54fPdzrjRGbnFnRX1npGXSbw== Subject: Re: [musl] tzset() cannot handle arbitrary inputs Hi all, I don't see any security issues here, only QoI issues. The user setting TZ is also the one getting the crashes. The assumption is less that the input is always valid, but more that if it is invalid, the user will only be hacking themselves. Which is pointless. The user can at any point provide a good definition of TZ, even if the site admin is a BOFH that is deliberatly putting bad zone definitions into the zoneinfo database. That said, the user is prevented from doing so if the login shell crashes after a successful hack of the system, which is where the QoI and security domains start to rub up against each other. Then again, an attacker capable of implanting bad zone files has at least root access, and can therefore just disable user accounts and change passwords. And an attacker capable of setting the user's default TZ variable has user access and can probably just create an RC file that quits the shell or something. So a successful attacker has no need to detain themselves with zone files or TZ parsers. Ciao, Markus