Recently the release of the new version of Glibc 2.34 was announced which comes after six months of development and in which several quite important changes have been made, among which the inclusion of the libpthread, libdl, libutil and libanl libraries, as well as various bug fixes of which one of they caused blockages.
For those who are unfamiliar with Glibc, they should know what it is a GNU C library, commonly known as glibc is the standard GNU C runtime library. On systems where it is used, this C library that provides and defines system calls and other basic functions, it is used by almost all programs.
Main new features of Glibc 2.34
In this new version of Glibc 2.34 that is presented libpthread, libdl, libutil and libanl have been integrated into the main library, using its functionality in applications no longer requires binding them with the -lpthread, -ldl, -lutil, and -lanl flags.
Furthermore, it is mentioned that preparations have been made to integrate libreolv into libc, with which the integration will allow a smoother glibc update process and it will simplify runtime implementation and stub libraries have also been provided for compatibility with applications built with earlier versions of glibc.
On the part of the changes focused on Linux Glibc 2.34 highlights the added ability to use 64 bit time_t type in configs that traditionally used the time_t type 32 bits. This feature is only available on systems with kernel 5.1 and higher.
Another specific change for Linux is the implementation of the execveat function, who allows executing an executable file from an open file descriptor. The new function is also used in the implementation of the fexecve call, which does not require the / proc pseudo-filesystem to be mounted at startup.
The function was also added close_range () which is available for Linux versions 5.9 and higher and which can be used to allow a process to close a full range of file descriptors open at the same time, in addition the glibc.pthread.stack_cache_size parameter is implemented, which can be used to adjust the size of the pthread stack cache.
Moreover, added _Fork function, a replacement for function fork which meets the requirements of "async-signal-safe", that is, it can be called safely from signal handlers. During _Fork execution, a minimal environment is formed, enough to call functions in signal handlers like raise and execve, without invoking features that can change locks or internal state.
For the part of the vulnerabilities fixed in Glibc 2.34, the following are mentioned:
CVE-2021-27645: The nscd process (name server caching daemon) failed due to a double call to the free function while processing specially crafted network group requests.
CVE-2021-33574: access to a memory area already freed (use-after-free) in the mq_notify function when using the SIGEV_THREAD notification type with a thread attribute for which an alternative CPU binding mask is set. The problem can cause a crash, but other attack options are not excluded.
CVE-2021-35942: Parameter size overflow in wordexp function could crash application.
Of the other changes that stand out:
- The timespec_getres function, defined in the draft ISO C2X standard, has been added and the timespec_get function has been increased with capabilities similar to the POSIX clock_getres function.
- In the gconv-modules file, only a minimal set of main gconv modules remained, and the rest were moved to an additional gconv-modules-extra.conf file located in the gconv-modules.d directory.
- The use of symbolic links to link installable shared objects to the Glibc version has been removed. These objects are now installed as is (for example, libc.so.6 is now a file instead of a link to libc-2.34.so).
- On Linux, functions like shm_open and sem_open now require a filesystem for the shared memory mounted on the / dev / shm mount point.
Finally if you are interested in knowing more about it of this new version, you can check the details in the following link.