This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] ldd: never run file directly
- From: Andreas Schwab <schwab at suse dot de>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 16 Aug 2017 16:11:12 +0200
- Subject: Re: [PATCH] ldd: never run file directly
- References: <b7bba2c1-b089-ef59-25f6-784e3728dbe0@redhat.com>
On Aug 16 2017, Florian Weimer <fweimer@redhat.com> wrote:
> We have this old patch in our packages. I think most distributions use
> something similar, as a guard against surprises.
>
> Can we finally apply this upstream?
>
> Thanks,
> Florian
>
> From 83e5edd390eabe8f8e8e0d051f929b77a30c0767 Mon Sep 17 00:00:00 2001
> From: Andreas Schwab <schwab@redhat.com>
> Date: Fri, 18 Mar 2011 16:22:52 +0100
> Subject: [PATCH] ldd: never run file directly
>
> * elf/ldd.bash.in: Never run file directly.
This is BZ #16750, CVE-2009-5064.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."