[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Suspicious hook-loading mechanism in hyprland
From: Sam James <sam () gentoo ! org>
Date: 2024-04-28 15:34:01
Message-ID: 871q6p8psm.fsf () gentoo ! org
[Download RAW message or body]
Hi!
Someone passed along https://blog.vaxry.net/articles/2024-own-malloc to
me, and I noticed some curious bits.
hyprland seems to have committed an interesting homebrew malloc
implementation (which is fine in theory), but the reasons for it
existing & how it works are not so fine.
Fisrt, it relies on writing an object file at a predictable
path in /tmp and reading it back later.
It was needed to facilitate a trampoline which looks.. unsound. The
whole hook system looks terrifying.
Initial reading:
* https://github.com/hyprwm/Hyprland/blob/965a2e5b213eee595808bc7bff28e7df59442720/src/plugins/HookSystem.cpp#L138
* https://github.com/hyprwm/Hyprland/blob/965a2e5b213eee595808bc7bff28e7df59442720/src/plugins/HookSystem.cpp#L188
There are some primitives that may be useful even once the hook setup is
done too.
I have charitably termed the mechanism "not robust". I haven't reported
it upstream because of their hostility on other matters. I don't feel
too guilty about not having reported it given it fell out so immediately
upon inspection.
I don't plan on spending more time on this, sorry, but I felt like I had
to share it.
thanks,
sam
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic