I'm having an issue with the new 'prlimit' additions to 1.0.40. One of
my targets runs an older kernel that predates the prlimit64 syscall. I
sent in patch that guards around that code, though it would still be
defined in headers and probably still cause me issues.
My other target uses kernel 2.6.36.4, which should include the syscall,
but I get an error the same as this github issue.
https://github.com/util-linux/util-linux/commit/01e94325e676f36b364032a6f5a…
Also, when I try to compile sample program that target:
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <stddef.h>
int main ()
{
int ret;
ret = prlimit(0, RLIMIT_AS, NULL, NULL);
if (ret != 0) {
return 1;
};
return 0;
}
I get error
prlimit.c:10:11: warning: implicit declaration of function ‘prlimit’;
did you mean ‘setrlimit’? [-Wimplicit-function-declaration]
10 | ret = prlimit(0, RLIMIT_AS, NULL, NULL);
| ^~~~~~~
| setrlimit
on unpatched uclibc-ng like symbols still aren't being visible.
thanks,
Lance Fredrickson
Greetings,
We have received a report that indicates that one of your products contains a vulnerability. In the interest of coordinated disclosure (which aims to address vulnerabilities before they can be exploited by attackers), we would like to communicate this information to you.
To view the details associated with this case, please visit https://kb.cert.org/vince/ and create an account on VINCE, which is our coordination platform. Within VINCE, it is possible to view the original vulnerability report. VINCE also facilitates direct communication with the reporter, pending the reporter's willingness to communicate about the case.
If you need to reply to this email, please do not alter the VU# in the subject line to ensure that your message is routed properly on our end.
Regards,
Vulnerability Analysis Team
======================================================================
CERT Coordination Center
kb.cert.org / cert(a)cert.org
======================================================================
-----Original Message-----
From: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Sent: Tuesday, February 1, 2022 1:21 PM
To: Timur David Snoke <tdsnoke(a)cert.org>
Cc: 'devel(a)uclibc-ng.org' <devel(a)uclibc-ng.org>
Subject: Re: [uclibc-ng-devel] Vulnerability in uClibc-ng and also uClibc
Hi Timur,
Timur David Snoke wrote,
> Greetings,
>
>
>
> We have a reported vulnerability in both this library and the
> unmaintained one, how can we communicate this to the developers?
>
>
>
> Regards,
sent an email to the list.
best regards
Waldemar
Greetings,
We have a reported vulnerability in both this library and the unmaintained one, how can we communicate this to the developers?
Regards,
Vulnerability Analysis Team
======================================================================
CERT Coordination Center
kb.cert.org / cert(a)cert.org<mailto:cert@cert.org>
======================================================================