This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 09 Oct 2015 21:59, Carlos O'Donell wrote:
> On 10/08/2015 04:44 AM, Florian Weimer wrote:
> > On 09/05/2015 06:39 PM, Hector Marco-Gisbert wrote:
> >> A weakness in the dynamic loader has been found, Glibc prior to
> >> 2.22.90 are affected. The issue is that the LD_POINTER_GUARD in the
> >> environment is not sanitized allowing local attackers easily to bypass
> >> the pointer guarding protection on set-user-ID and set-group-ID
> >> programs.
> >>
> >> Details of the weakness:
> >> http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
> >>
> >> This patch prevents to disable the pointer guarding protection for
> >> set-user-ID/set-group-ID programs.
> >>
> >> For example, executing "LD_POINTER_GUARD=0 /bin/ping" does not disable
> >> the pointer guarding protection unless it is directly executed by root
> >> (rUID==eUID).
> >
> > Does anyone actually use LD_POINTER_GUARD for debugging? Maybe we can
> > simply retire the environment variable instead.
>
> I vote we remove it. It has long since passed the point of usefulness.
> With a proper tunables infrastructure we would have added it in one release
> while we tested things, and then removed it one or two releases later.

sounds fine to me.  punt it and be done.
-mike
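
The behaviour discussed in this thread, as an added example that is not part of the original message and is not glibc source: a simplified C model that contrasts honouring LD_POINTER_GUARD for every process with ignoring it when the real and effective IDs differ. The function names, the treatment of the value "0" as "disable" (taken from the quoted /bin/ping example) and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simplified model (assumption, not glibc code): secure execution means the
   real and effective IDs differ, as in a set-user-ID/set-group-ID program. */
int is_secure_exec(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Look up NAME in a NULL-terminated array of "NAME=value" strings. */
const char *env_value(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (; envp && *envp; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    return NULL;
}

/* The weakness as described: the variable is honoured for every process.
   Returns 1 if pointer guarding stays enabled, 0 if the environment disabled it. */
int guard_enabled_unsanitized(char *const envp[])
{
    const char *v = env_value(envp, "LD_POINTER_GUARD");
    return !(v && strcmp(v, "0") == 0);
}

/* The patched behaviour as described: ignore the variable under secure execution. */
int guard_enabled_sanitized(char *const envp[], int secure)
{
    if (secure)
        return 1;
    return guard_enabled_unsanitized(envp);
}

int main(void)
{
    /* Constructed sample environment and IDs. */
    char *env[] = { "PATH=/bin", "LD_POINTER_GUARD=0", NULL };
    int suid = is_secure_exec(1000, 0, 1000, 1000); /* user runs a set-user-ID root binary */
    int root = is_secure_exec(0, 0, 0, 0);          /* root runs the same binary directly */
    printf("unsanitized, setuid: guard=%d\n", guard_enabled_unsanitized(env));
    printf("sanitized,   setuid: guard=%d\n", guard_enabled_sanitized(env, suid));
    printf("sanitized,   root:   guard=%d\n", guard_enabled_sanitized(env, root));
    return 0;
}
```

Retiring the variable, as proposed in the replies, corresponds to a model where the guard is always enabled and the environment is never consulted.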