This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/25204] New: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
- From: "koriakin at 0x04 dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 19 Nov 2019 08:13:27 +0000
- Subject: [Bug dynamic-link/25204] New: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
Bug ID: 25204
Summary: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid
binaries
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: koriakin at 0x04 dot net
Target Milestone: ---
The code using LD_PREFER_MAP_32BIT_EXEC is run before the code that removes
security-sensitive variables from the environment, thus the latter is
ineffective. This means a local attacker can effectively weaken ASLR strength
on setuid binaries.
--
You are receiving this mail because:
You are on the CC list for the bug.