This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
- From: "rschiron at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 21 Nov 2019 17:01:39 +0000
- Subject: [Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
- Auto-submitted: auto-generated
- References: <bug-25204-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
rschiron at redhat dot com changed:
What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |rschiron at redhat dot com
--- Comment #7 from rschiron at redhat dot com ---
I believe this should be treated as a security hardening the same as other
similar issues with weak ASLR have been treated (e.g.
https://sourceware.org/bugzilla/show_bug.cgi?id=22852 ,
https://sourceware.org/bugzilla/show_bug.cgi?id=22853#c3 ).
I do see how this is easier to trigger and more common in setuid binaries than
the other similar flaws, but it still requires another unrelated vulnerability
to be of any use and ASLR is a post-exploitation mitigation.