This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/23259] Unsubstituted ${ORIGIN} remains in DT_NEEDED for AT_SECURE
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 06 Jun 2018 04:36:56 +0000
- Subject: [Bug dynamic-link/23259] Unsubstituted ${ORIGIN} remains in DT_NEEDED for AT_SECURE
- Auto-submitted: auto-generated
- References: <bug-23259-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=23259
--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Dmitry V. Levin from comment #2)
> (In reply to Carlos O'Donell from comment #0)
> > In Fedora we carry a patch to handle unsubstituted $ORIGIN from DT_NEEDED
> > entry for AT_SECURE.
>
> Is it the patch I rebased and submitted several times, the last one at
> https://sourceware.org/ml/libc-alpha/2017-12/msg00941.html
> ?
It is based on the work that you and Andreas Schwab have done.
> [...]
> > This should result in an error, since ${ORIGIN} should not be allowed.
>
> Is it just a conformance issue
> (https://sourceware.org/bugzilla/show_bug.cgi?id=23102#c3), or does it have
> security implications?
The unsubstituted path is used directly to load the DT_NEEDED requirement. It's
only a security issue in the case that a defect in your SUID/GUID application
caused a malformed DT_NEEDED e.g. /bad/${ORIGIN}lib.so. This should cause a
runtime failure because we have a DST in DT_NEEDED and the ELF gABI for
security suggests this fail (and I agree).
--
You are receiving this mail because:
You are on the CC list for the bug.