This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Missing security fix in elf/dl-open.c?
- From: Allan McRae <allan at archlinux dot org>
- To: Carlos O'Donell <carlos at redhat dot com>, Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sun, 01 Mar 2015 02:23:36 +1000
- Subject: Re: Missing security fix in elf/dl-open.c?
- Authentication-results: sourceware.org; auth=none
- References: <54ECB0B4 dot 1030602 at redhat dot com> <54EFFBA6 dot 4070108 at redhat dot com> <54F036B7 dot 2010606 at redhat dot com> <54F09EB0 dot 5000203 at redhat dot com> <54F0C3B5 dot 6070603 at redhat dot com> <54F0D665 dot 3060404 at redhat dot com>
On 28/02/15 06:41, Carlos O'Donell wrote:
> On 02/27/2015 02:21 PM, Florian Weimer wrote:
>> On 02/27/2015 05:43 PM, Carlos O'Donell wrote:
>>>> However, something else already does this in Fedora 20
>>>> (glibc-2.20-7.fc21.x86_64, which lacks this patch as well AFAICT). I
>>>> created a SUID binary with an $ORIGIN RPATH, and it is ignored, but only
>>>> when actually running SUID.
>>>
>>> Likely the `glibc-fedora-elf-ORIGIN.patch` patch in Fedora.
>>
>> Oooh! Does it mean we should upstream this patch instead?
>
> Yes, and that includes reviewing exactly what it does :-)
>
Here is the original submission:
https://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
The discussion was not very helpful.
Allan