This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] ldd: never run file directly

From: Andreas Schwab <schwab at suse dot de>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 16 Aug 2017 16:11:12 +0200
Subject: Re: [PATCH] ldd: never run file directly
Authentication-results: sourceware.org; auth=none
References: <b7bba2c1-b089-ef59-25f6-784e3728dbe0@redhat.com>

On Aug 16 2017, Florian Weimer <fweimer@redhat.com> wrote:

> We have this old patch in our packages.  I think most distributions use
> something similar, as a guard against surprises.
>
> Can we finally apply this upstream?
>
> Thanks,
> Florian
>
> From 83e5edd390eabe8f8e8e0d051f929b77a30c0767 Mon Sep 17 00:00:00 2001
> From: Andreas Schwab <schwab@redhat.com>
> Date: Fri, 18 Mar 2011 16:22:52 +0100
> Subject: [PATCH] ldd: never run file directly
>
> * elf/ldd.bash.in: Never run file directly.

This is BZ #16750, CVE-2009-5064.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Follow-Ups:
- Re: [PATCH] ldd: never run file directly
  - From: Florian Weimer

References:
- [PATCH] ldd: never run file directly
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]