This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set

From: "pasky at suse dot cz" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 31 May 2010 17:13:08 -0000
Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
References: <20100528162846.11643.bugeaud@gmail.com>
Reply-to: sourceware-bugzilla at sourceware dot org

------- Additional Comments From pasky at suse dot cz  2010-05-31 17:13 -------
Roland's point is that bugzilla is for actual bugs, this is not an obvious bug
more of a discussion point; if you'd have questions about it, you should ask at
libc-help.

(Before you do that, consider that AT_SECURE is set by the kernel when the
process has more privileges than the user starting it, and thus means for the
user to plug in custom code to the process context should be limited - more
privileges does not just mean "superuser", the whole point of capabilities is
that specific privileges can be abused as well. The moment you allow $ORIGIN for
a process with a certain capability, it's just as if you'd simply give all users
on the system the capability right away.)

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11643

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

References:
- [Bug libc/11643] New: ldopen failing with relative path ($ORIGIN) when a capability is set
  - From: bugeaud at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]