This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Missing security fix in elf/dl-open.c?
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 27 Feb 2015 00:07:50 -0500
- Subject: Re: Missing security fix in elf/dl-open.c?
- Authentication-results: sourceware.org; auth=none
- References: <54ECB0B4 dot 1030602 at redhat dot com>
On 02/24/2015 12:11 PM, Florian Weimer wrote:
> Some downstreams include this hunk in their patches related to
> CVE-2010-3847 and CVE-2011-0536:
>
> Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
> ===================================================================
> --- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
> +++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
> @@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
> out:
> new->l_origin = origin;
> }
> + else if (INTUSE(__libc_enable_secure) && type == lt_executable)
> + /* The origin of a privileged program cannot be trusted. */
> + new->l_origin = (char *) -1;
>
> return new;
> }
>
> I can't find this in glibc master. Is the hunk above needed, or is it
> just hardening?
Seems like additional hardening to me, and it could break real applications.
c.