Wednesday, 20 January 2016

Breaking Monoculture For Better Security [Episode 1]



Glibc

- The GNU C Library is, according to the official page, "the library which defines the 'system calls' and other basic facilities such as open, malloc, printf, exit..." It was designed primarily to be a portable and high-performance C library.

Musl 


- A C standard library designed by Rich Felker (and others). Musl is basically an alternative to Glibc. It is described as lightweight, fast, simple and free, and strives to be correct in the sense of standards-conformance and safety.


Glibc vs Musl

Over the years, Glibc has accumulated a heap of vulnerabilities. The vulnerability count has now reached 61!
https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-767/GNU-Glibc.html

On the other hand, Musl has had 1 vulnerability in its 4 years of existence.

http://www.cvedetails.com/product/23025/Etalabs-Musl.html?vendor_id=12197

GHOST




The most important issue has been the GHOST vulnerability.

GHOST allowed total information disclosure, a complete loss of confidentiality. It could allow an attacker to take remote control of a system merely by sending a malicious email.

Other severe issues we have had on Linux systems include Heartbleed, POODLE and Shellshock.

To allow users to switch easily from Glibc to Musl and vice versa, Hackers.mu has been working on a series of patches to allow MariaDB to work seamlessly with Musl.

A word of caution, however: the patch is still a work in progress and is pending more in-depth review by the MariaDB developer community. The patch was based on an old patch in Void Linux.

Unfortunately, due to the rapid pace of MariaDB development, it didn't apply cleanly on the latest version, so we had to rewrite it.

Enjoy:
https://github.com/codarrenvelvindron/server/commit/e251dfd859fdece8f7d8e8513fab7f360e6bfdf8
