This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Missing security fix in elf/dl-open.c?

From: "Carlos O'Donell" <carlos at redhat dot com>
To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 27 Feb 2015 00:07:50 -0500
Subject: Re: Missing security fix in elf/dl-open.c?
Authentication-results: sourceware.org; auth=none
References: <54ECB0B4 dot 1030602 at redhat dot com>

On 02/24/2015 12:11 PM, Florian Weimer wrote:
> Some downstreams include this hunk in their patches related to
> CVE-2010-3847 and CVE-2011-0536:
> 
> Index: glibc-2.12-2-gc4ccff1/elf/dl-object.c
> ===================================================================
> --- glibc-2.12-2-gc4ccff1.orig/elf/dl-object.c
> +++ glibc-2.12-2-gc4ccff1/elf/dl-object.c
> @@ -214,6 +214,9 @@ _dl_new_object (char *realname, const ch
>      out:
>        new->l_origin = origin;
>      }
> +  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
> +    /* The origin of a privileged program cannot be trusted.  */
> +    new->l_origin = (char *) -1;
> 
>    return new;
>  }
> 
> I can't find this in glibc master.  Is the hunk above needed, or is it
> just hardening?

Seems like additional hardening to me, and it could break real applications.

c.

Follow-Ups:
- Re: Missing security fix in elf/dl-open.c?
  - From: Florian Weimer

References:
- Missing security fix in elf/dl-open.c?
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]