This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/22851] ld library ELF load error
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 19 Feb 2018 08:13:04 +0000
- Subject: [Bug dynamic-link/22851] ld library ELF load error
- Auto-submitted: auto-generated
- References: <bug-22851-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2018-02-19
CC| |fweimer at redhat dot com
Ever confirmed|0 |1
Flags| |security-
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Thanks for reporting this.
ldd is not intended to be executed on untrusted binaries, so this is not a
security vulnerability.
This is not the only issue with ldd. Bug 20857 demonstrates that the initial
file mapping (and not just PT_LOAD segments) can override the dynamic linker.
(The PT_LOAD approach discussed here works reliably because the kernel does not
independently randomize the address of file mappings, even without MAP_FIXED.)
--
You are receiving this mail because:
You are on the CC list for the bug.