This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/21209] New: LD_HWCAP_MASK read in setuid binaries


https://sourceware.org/bugzilla/show_bug.cgi?id=21209

            Bug ID: 21209
           Summary: LD_HWCAP_MASK read in setuid binaries
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: siddhesh at sourceware dot org
  Target Milestone: ---

To be on the safe side, LD_HWCAP_MASK should not be read in setuid binaries
since it may alter the variants of string and math functions that are used in
certain architectures, potentially increasing the attack vector if an outdated
string implementation for an architecture is found to have an exploitable bug
that would have otherwise not affected newer platforms.

Patch coming up.
