This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/22851] ld library ELF load error

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Mon, 19 Feb 2018 08:13:04 +0000
Subject: [Bug dynamic-link/22851] ld library ELF load error
Auto-submitted: auto-generated
References: <bug-22851-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=22851

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2018-02-19
                 CC|                            |fweimer at redhat dot com
     Ever confirmed|0                           |1
              Flags|                            |security-

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Thanks for reporting this.

ldd is not intended to be executed on untrusted binaries, so this is not a
security vulnerability.

This is not the only issue with ldd.  Bug 20857 demonstrates that the initial
file mapping (and not just PT_LOAD segments) can override the dynamic linker.

(The PT_LOAD approach discussed here works reliably because the kernel does not
independently randomize the address of file mappings, even without MAP_FIXED.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug dynamic-link/22851] New: ld library ELF load error
  - From: blackzert at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]