This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Fri, 22 Nov 2019 12:35:33 +0000
Subject: [Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
Auto-submitted: auto-generated
References: <bug-25204-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=25204

--- Comment #9 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.29/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2626b15e88e00b5e9c8cc3962cf4768a5344f07a

commit 2626b15e88e00b5e9c8cc3962cf4768a5344f07a
Author: Marcin Kościelnicki <mwk@0x04.net>
Date:   Thu Nov 21 00:20:15 2019 +0100

    rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC
(CVE-2019-19126) [BZ #25204]

    The problem was introduced in glibc 2.23, in commit
    b9eb92ab05204df772eb4929eccd018637c9f3e9
    ("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").

    (cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
    Change-Id: Ib782573b4623ee3edfa9f98ad62f69b9d8edcb27

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug dynamic-link/25204] New: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
  - From: koriakin at 0x04 dot net

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]