Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

fedora 23
obsolete weakness #22

2

Weakness Breakdown


Definition:

An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

These functions are considered obsolete on most systems, and very non-portable.

File Name:

glibc-arm-linux-gnu-2.24/glibc-2.24/sysdeps/unix/sysv/linux/raise.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 obsolete weakness.

   /* rt_sigprocmask may fail if:

     1. sigsetsize != sizeof (sigset_t) (EINVAL)
     2. a failure in copy from/to user space (EFAULT)
     3. an invalid 'how' operation (EINVAL)

     The first case is already handle in glibc syscall call by using the arch
     defined _NSIG.  Second case is handled by using a stack allocated mask.
     The last one should be handled by the block/unblock functions.  */

  sigset_t set;
  __libc_signal_block_app (&set);

  INTERNAL_SYSCALL_DECL (err);
  pid_t pid = INTERNAL_SYSCALL (getpid, err, 0);
  pid_t tid = INTERNAL_SYSCALL (gettid, err, 0);

  int ret = INLINE_SYSCALL (tgkill, 3, pid, tid, sig);

  __libc_signal_restore_set (&set);

  return ret;
}
libc_hidden_def (raise)
weak_alias (raise, gsignal) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.