]> git.ipfire.org Git - thirdparty/glibc.git/commit
projects / thirdparty / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fec2dc4) | patch
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
authorFlorian Weimer <fweimer@redhat.com>
Mon, 19 Jun 2017 16:34:53 +0000 (18:34 +0200)
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>
Thu, 13 Jul 2017 14:35:56 +0000 (11:35 -0300)
commited739093d19855c71b3f38bfed7d318340b22612
treecd7ba6f9453f3ad85fb65419645d478517c97944tree
parentfec2dc4089f6688e0f4ffc962700a0858f08bef9commit | diff
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]

LD_LIBRARY_PATH can only be used to reorder system search paths, which
is not useful functionality.

This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.

(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
ChangeLog diff | blob | blame | history
NEWS diff | blob | blame | history
elf/rtld.c diff | blob | blame | history
A mirror of the official glibc repository