This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/18018] New: Additional $ORIGIN handling issues (CVE-2011-0536)
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 24 Feb 2015 17:03:53 +0000
- Subject: [Bug dynamic-link/18018] New: Additional $ORIGIN handling issues (CVE-2011-0536)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18018
Bug ID: 18018
Summary: Additional $ORIGIN handling issues (CVE-2011-0536)
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Flags: security+
Most downstream fixes for CVE-2010-3847 were incomplete. One of the follow-up
fixes was never applied to glibc, namely this part:
Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
+++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
out:
new->l_origin = origin;
}
+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
+ /* The origin of a privileged program cannot be trusted. */
+ new->l_origin = (char *) -1;
return new;
}
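Review bot: the added `else if` branch stores the magic value `(char *) -1` in `new->l_origin` and only for `type == lt_executable`, but the comment documents neither choice. It should say that `(char *) -1` is the marker for an origin that must not be used, and why the check is limited to the executable rather than applied to every object type created while `__libc_enable_secure` is set. The `if` this branch hangs off is outside the hunk, so it is not visible from here when the branch is reached; please quote that condition when resubmitting. The hunk is also written against a glibc-2.12 tree and wraps the flag in `INTUSE(...)`, so it needs to be checked against the current `elf/dl-object.c` before anyone can decide whether it still applies.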
We need to figure out if this patch is still needed.