This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Fri, 22 Nov 2019 13:04:45 +0000
Subject: [Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
Auto-submitted: auto-generated
References: <bug-25204-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=25204

--- Comment #12 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.26/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc42e3bd44e7e9f616162d4550f1d35e04bddb5b

commit bc42e3bd44e7e9f616162d4550f1d35e04bddb5b
Author: Marcin Kościelnicki <mwk@0x04.net>
Date:   Thu Nov 21 00:20:15 2019 +0100

    rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC
(CVE-2019-19126) [BZ #25204]

    The problem was introduced in glibc 2.23, in commit
    b9eb92ab05204df772eb4929eccd018637c9f3e9
    ("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").

    (cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug dynamic-link/25204] New: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
  - From: koriakin at 0x04 dot net

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]