This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/21209] New: LD_HWCAP_MASK read in setuid binaries
- From: "siddhesh at sourceware dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 01 Mar 2017 09:51:33 +0000
- Subject: [Bug dynamic-link/21209] New: LD_HWCAP_MASK read in setuid binaries
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21209
Bug ID: 21209
Summary: LD_HWCAP_MASK read in setuid binaries
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: siddhesh at sourceware dot org
Target Milestone: ---
To be on the safe side, LD_HWCAP_MASK should not be read in setuid binaries
since it may alter the variants of string and math functions that are used in
certain architectures, potentially increasing the attack vector if an outdated
string implementation for an architecture is found to have an exploitable bug
that would have otherwise not affected newer platforms.
Patch coming up.
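The behaviour the report asks for, sketched as an added example (not glibc's code and not the patch the reporter mentions): drop `LD_HWCAP_MASK` from the environment when the kernel marks the process as secure-execution through `AT_SECURE`. The names `scrub_env` and `env_lookup`, the one-entry list and the sample environment are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE */

/* Illustrative list: only LD_HWCAP_MASK is taken from the report. */
static const char *const unsafe_in_secure_mode[] = { "LD_HWCAP_MASK" };
#define N_UNSAFE (sizeof unsafe_in_secure_mode / sizeof *unsafe_in_secure_mode)

/* True only for "NAME=..."; a longer name sharing the prefix does not match. */
static int entry_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Compact envp in place, dropping listed entries when secure != 0.
   Returns the number of entries removed. */
int scrub_env(char **envp, int secure)
{
    int removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        int drop = 0;
        for (size_t i = 0; secure && i < N_UNSAFE; i++)
            if (entry_is(*in, unsafe_in_secure_mode[i]))
                drop = 1;
        if (drop)
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Return the value of name in envp, or NULL if it is not set. */
const char *env_lookup(char **envp, const char *name)
{
    for (; *envp != NULL; envp++)
        if (entry_is(*envp, name))
            return *envp + strlen(name) + 1;
    return NULL;
}

int main(void)
{
    /* Constructed environment for the demonstration. */
    char *env[] = { "PATH=/usr/bin", "LD_HWCAP_MASK=0x1", "LD_HWCAP_MASKX=keep", NULL };
    int secure = getauxval(AT_SECURE) != 0;  /* nonzero for setuid/setgid execution */
    printf("AT_SECURE=%d removed=%d\n", secure, scrub_env(env, secure));
    return 0;
}
```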