This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Avoid mapping past end of shared object (BZ #18685)
- From: Florian Weimer <fweimer at redhat dot com>
- To: OndÅej BÃlka <neleai at seznam dot cz>
- Cc: Siddhesh Poyarekar <siddhesh at redhat dot com>, libc-alpha at sourceware dot org, roland at hack dot frob dot com
- Date: Fri, 17 Jul 2015 13:25:01 +0200
- Subject: Re: [PATCH] Avoid mapping past end of shared object (BZ #18685)
- Authentication-results: sourceware.org; auth=none
- References: <1437033625-13561-1-git-send-email-siddhesh at redhat dot com> <55A8928D dot 2090409 at redhat dot com> <20150717073516 dot GA5429 at domone> <55A8B221 dot 1010901 at redhat dot com> <20150717080329 dot GA8854 at domone>
On 07/17/2015 10:03 AM, OndÅej BÃlka wrote:
> On Fri, Jul 17, 2015 at 09:43:29AM +0200, Florian Weimer wrote:
>> On 07/17/2015 09:35 AM, OndÅej BÃlka wrote:
>>
>>> Also could you explain how this is security risk? If that needs
>>> modification of elf then attacker could run arbitrary commands by
>>> overriding main for example.
>>
>> Just because I comment on a thread doesn't mean I consider it
>> security-related.
>>
>> Or what do you mean?
>>
> Well here I did bit distracted in reading thread, starting reply, then
> writing what I wanted to ask to wrong post. I wanted to reply instead to
> what Carlos wrote:
Okay, well, I think a safe ldd should be a goal, but I don't think we
can currently make such a commitment.
--
Florian Weimer / Red Hat Product Security