This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug dynamic-link/22625] RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID binaries or if /proc is not mounted (CVE-2017-16997)


https://sourceware.org/bugzilla/show_bug.cgi?id=22625

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
           See Also|                            |https://bugzilla.redhat.com
                   |                            |/show_bug.cgi?id=1526865

--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
Note that Fedora and downstreams carry glibc-fedora-elf-ORIGIN.patch:

From 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@redhat.com>
Date: Mon, 9 May 2011 10:55:58 +0200
Subject: [PATCH] Never leave $ORIGIN unexpanded

https://git.centos.org/blob/rpms!!glibc.git/29e4443724024b0dd84b837f6b3ec2191b49179f/SOURCES!glibc-fedora-elf-ORIGIN.patch

There was another attempt to upstream it here:

https://sourceware.org/ml/libc-alpha/2015-12/msg00581.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]