This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Missing security fix in elf/dl-open.c?
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: Allan McRae <allan at archlinux dot org>, Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sat, 28 Feb 2015 12:43:33 -0500
- Subject: Re: Missing security fix in elf/dl-open.c?
- Authentication-results: sourceware.org; auth=none
- References: <54ECB0B4 dot 1030602 at redhat dot com> <54EFFBA6 dot 4070108 at redhat dot com> <54F036B7 dot 2010606 at redhat dot com> <54F09EB0 dot 5000203 at redhat dot com> <54F0C3B5 dot 6070603 at redhat dot com> <54F0D665 dot 3060404 at redhat dot com> <54F1EB88 dot 50401 at archlinux dot org>
On 02/28/2015 11:23 AM, Allan McRae wrote:
> On 28/02/15 06:41, Carlos O'Donell wrote:
>> On 02/27/2015 02:21 PM, Florian Weimer wrote:
>>> On 02/27/2015 05:43 PM, Carlos O'Donell wrote:
>>>>> However, something else already does this in Fedora 20
>>>>> (glibc-2.20-7.fc21.x86_64, which lacks this patch as well AFAICT). I
>>>>> created a SUID binary with an $ORIGIN RPATH, and it is ignored, but only
>>>>> when actually running SUID.
>>>>
>>>> Likely the `glibc-fedora-elf-ORIGIN.patch` patch in Fedora.
>>>
>>> Oooh! Does it mean we should upstream this patch instead?
>>
>> Yes, and that includes reviewing exactly what it does :-)
>>
>
> Here is the original submission:
> https://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
>
> The discussion was not very helpful.
Andreas,
Do you remember the rationale for the change in [1]?
Cheers,
Carlos.
[1] https://sourceware.org/ml/libc-hacker/2010-12/msg00001.html