This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- From: "roland at gnu dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 28 May 2010 18:29:59 -0000
- Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- References: <20100528162846.11643.bugeaud@gmail.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From roland at gnu dot org 2010-05-28 18:29 -------
This is not a bug. It's a security feature. $ORIGIN can be abused to load
different libraries into the process and effect a privilege escalation. So,
like LD_LIBRARY_PATH, it is disabled in a process that is setuid or similarly
privileged.
The Linux kernel decides what constitutes "setuid-like" by setting the AT_SECURE
parameter at exec time. libc just follows that. If you want the rules for that
changed, take it up with the kernel people.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
http://sourceware.org/bugzilla/show_bug.cgi?id=11643
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.