This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12393] ld.so: insecure handling of privileged programs' RPATHs with $ORIGIN
- From: "thoger at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sun, 17 Apr 2011 20:49:00 +0000
- Subject: [Bug libc/12393] ld.so: insecure handling of privileged programs' RPATHs with $ORIGIN
- Auto-submitted: auto-generated
- References: <bug-12393-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12393
--- Comment #3 from Tomas Hoger <thoger at redhat dot com> 2011-04-17 20:48:57 UTC ---
(In reply to comment #2)
> The initial comment is highly confusing, since when it says "ld.so currently
> expands $ORIGIN..." it talks NOT about master, but just about the fedora/
> branches!

Petr, I don't understand what confused you so highly. Initial comment does
point out several problematic cases, but it makes it clear that the first two
affect currently used glibc versions (and various past versions, it seems the
behaviour has not changed for 7+ years), and the third one was an issue that a
*proposed* patch to address previous issues introduces, as that problem was not
mentioned in the relevant libc-hacker thread.

> In master, $ORIGIN is still expanded even for setuid programs

As mentioned in comment #0, with an exception mentioned there too. I fail to
see how this contradicts the part of the comment #0 you quoted.