This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
What about LD_DEBUG?
- From: Paweł Sakowski <pawel at sakowski dot eu dot org>
- To: libc-alpha at sources dot redhat dot com
- Date: Thu, 16 Sep 2004 11:30:35 +0200
- Subject: What about LD_DEBUG?
Sorry for prematurely sending this email last time.
Security advisories warn about an LD_DEBUG-related vulnerability in
glibc:
http://www.securitytracker.com/alerts/2004/Aug/1010975.html
Gentoo claims to have a fix:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.2
Not everybody agrees it's the right solution, though:
http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
Could some glibc developer take a position on this issue? Can you
acknowledge that there is a bug? Is the Gentoo solution correct? If not,
when will the problem be fixed within glibc itself?
--
+----------------------------------------------------------------------+
| Paweł Sakowski <pawel@sakowski.eu.org> Never trust a man |
| who can count up to 1023 on his fingers. |
+----------------------------------------------------------------------+